Jump to Footer

Security Incident Procedures Policy

Approved by Executive Council on June 7, 2011

Policy Number Policy Owner
10009.1.P Library and Information Technology Services

1.0    Purpose

To establish a policy to reflect SUNY Plattsburgh’s commitment to promptly identify, report and respond to security incidents in accordance with New York State law.

2.0    Revision History

Date Version Change Ref Section
6/7/2011 1.0 New Document  
10/7/2015 1.1 Minor Revisions  
1/11/2017 1.2 Minor Revisions  

3.0    Units and Persons Affected

  • SUNY Plattsburgh staff members responsible for the management of SUNY Plattsburgh’s electronic media and electronic communications network.
  • SUNY Plattsburgh staff members and business associates with access to systems containing sensitive information.

4.0    Policy

  • SUNY Plattsburgh has implemented a documented process for promptly identifying security incidents. The process is based on the SUNY Cyber Security Incident reporting procedure and the local reporting process will include the following:
    • Any unusual or serious cyber security incident will be reported immediately by an employee to their direct supervisor.
    • If the cyber security incident meets the threshold of reporting, the direct supervisor will consult with SUNY Plattsburgh’s Information Security Officer; the initial alert procedure will be followed.
      • SUNY Plattsburgh’s Information Security Officer will alert the Provost, President, Emergency Management Director and Public Relations, if appropriate. 
      • The NYS CSCIC Incident Notification Report: Initial Report and Final Report will be filed in a timely manner.

5.0    Definitions

  • Electronic media
  • Security incident
  • Sensitive Information
  • Staff member

6.0    Responsibilities

All SUNY Plattsburgh staff members will comply with this policy.

7.0    Procedures


8.0    Documents

SUNY Cyber Incident Reporting Procedures

Back to top