Identifies roles and responsibilities for responding to information spills.


  • This Control applies to the university Chief Information Security Officer and Information Resource Owner.


  • 1

    Information Resource Owners are responsible for responding to information spills by:

    • 1.1

      Identifying the specific information involved in the system contamination.

    • 1.2

      Alerting the CISO of the information spill according to reporting guidelines described in IR-6, and using a method of communication not associated with the spill.

  • 2

    The Office of the CISO is responsible to respond to the report of information spillage by:

    • 2.1

      Isolating the contaminated system or system component.

    • 2.2

      Eradicating the information from the contaminated system or component.

    • 2.3

      Identifying other systems or system components that may have been subsequently contaminated.