Reported to: All incidents will be sent to the Incident Report mail list and the helpdesk. Add additional name if needed.
Confidential - Risk Level: HIGH (Describe) Data whose loss, corruption, or unauthorized access would pose an extreme identity or financial risk to the College, a school partner, or the public and require notification of the MA Attorney General and affected users.
Confidential data includes data that is protected by the following federal or state laws or regulations: 201CMR17.00 (Mass Security Regs), 16 CFR 313 (Privacy of Consumer Financial Information), Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the FTC’s Red Flag Rules. Information protected by these laws includes, but is not limited to, PI, NFI and Protected Health Information (PHI).
Examples:
• Social Security Number
• Credit/Debit Card Number
• Bank/Financial Account Numbers
• HIPAA or medical records
• Passwords or Biometric data
• Driver’s License or State ID number
Restricted - Risk Level: HIGH (Describe) Restricted data includes data protected by the Family Educational Rights and Privacy Act (FERPA), referred to as student education records. This data also includes, but is not limited to, donor information, intellectual property (proprietary research, patents, etc.), College financial and investment records, employee salary information, or information related to legal or disciplinary matters.
Examples:
• Student ID
• Employee ID
• HR Documents
• College Proprietary Data or Intellectual Property
• Copyrighted College or Student material
• Board meeting minutes
• Expense reports
• Litigation
• Software license numbers
• College infrastructure plans
• System configuration/log files
• Social Security Number
• Credit/Debit Card Number
• Bank/Financial Account Numbers
• HIPAA or medical records
• Passwords or Biometric data
• Driver’s License or State ID number
• FERPA records
• Training data
Public (or Unrestricted) - Risk Level: LOW to NONE (Describe) Data to which the general public has access
Examples:
• Any data found on www.hebrewcollege.edu
• Policies
• Publications
• Academic Calendar
• Campus Maps
Other - Risk Level: TBD (Describe) Data to which the general public has access
Examples:
• Any data found on www.hebrewcollege.edu
• Policies
• Publications
• Academic Calendar
• Campus Maps
Planned Action and Resulting Preventative Measures Include initially planned actions if known.
Other Information Please provide any additional information that you feel is important but has not been provided elsewhere on this form.
What is the Business Continuity Plan? In the event something like this happens, what is the failover option?
How can we improve support? Detail any room for improvement on how the IT team responded to the issue. Mention any missteps or mishandling of the situation and detail where things could be improved.
Other details to note Describe anything else that may have happened out of the scope of the incident or anything that may have cropped up during troubleshooting that needs to be addressed. Or add any other details that don't fit above.
