- Security threats requiring quick measures (e.g. passwords going astray) must be reported to the university’s incident response team (IRT) by sending an e-mail to irt@inn.no
- Other information security nonconformities must be reported to the Chief Security Officer (CSO) by sending an e-mail to cso@inn.no
If the report contains confidential information or sensitive personal data, we ask that you create the nonconformity report as a Word document and classify it as confidential. The document can be sent through the university’s Public360 archive system.
What should the report contain?
In order to follow up inquiries in a proper manner, we would like the e-mail you send to describe the following:
- What has happened, where did it happen and how did it occur?
- Date or time of the nonconformity – when was it detected
- Has information become known (potentially known) to unauthorised persons? If yes: describe how the information became known (misdirected e-mail, posted on the internet, etc.) and the number of people it may have become known to.
- Has information been lost or unavailable for a period of time? Did it have minor or major consequences?
- Has information been altered by unauthorised persons or by accident?
- How many people are affected by the nonconformity? Give an estimate if you are unable to answer exactly.
- Who can be contacted for more information about the nonconformity?
If you do not have a full overview right away, send a brief description and follow up with more information later.