Description

Texas A&M University employs documented policies and procedures to mitigate an incident impacting university information resources.

Applicability

  • This control applies to all unit heads, information resource owners or custodians, and third parties who are responsible for Texas A&M information resource assets. It is intended to address incident situations that escalate beyond the capability of one unit or department to handle effectively, that have consequences potentially impacting resources outside of the unit, or in which a security incident is determined to be significant (e.g., the disclosure of confidential information).

  • Common events, such as malware or other events, that are detected and mitigated, and whose affected resources are restored within a reasonable amount of time with locally available unit resources, are not included in these procedures.

Implementation

  1. Each unit shall develop documented procedures for assessing the significance of a security incident based on the business impact on the affected resources and the current and potential technical effect of the incident, e.g., loss of revenue, productivity, access to services, reputation, unauthorized disclosure of confidential information, or propagation to other networks.

  2. Policies and procedures for responding to information resource incidents are covered in Control IR-6 Incident Reporting.