Report nonconformities

If you notice a breach of security or a nonconformity regarding information security procedures, you must report it as soon as possible. 

  • Security threats requiring quick measures (e.g. passwords going astray) must be reported to the university’s incident response team (IRT) by sending an e-mail to 
  • Other information security nonconformities must be reported to the Chief Security Officer (CSO) by sending an e-mail to 

If the report contains confidential information or sensitive personal data, we ask that you create the nonconformity report as a Word document and classify it as confidential. The document can be sent through the university’s Public360 archive system. 

What should the report contain? 

In order to follow up inquiries in a proper manner, we would like the e-mail you send to describe the following: 

  • What has happened, where did it happen and how did it occur? 
  • Date or time of the nonconformity – when was it detected 
  • Has information become known (potentially known) to unauthorised persons? If yes: describe how the information became known (misdirected e-mail, posted on the internet, etc.) and the number of people it may have become known to. 
  • Has information been lost or unavailable for a period of time? Did it have minor or major consequences? 
  • Has information been altered by unauthorised persons or by accident? 
  • How many people are affected by the nonconformity? Give an estimate if you are unable to answer exactly. 
  • Who can be contacted for more information about the nonconformity? 

If you do not have a full overview right away, send a brief description and follow up with more information later. 

Last modified Nov. 30, 2021 2:52 PM