IR-6 Incident Reporting

Last Review: 10/1/22


West Texas A&M University requires personnel to promptly report suspected security incidents to the organizational incident response capability and reports security incident information to the information security officer.


This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources or third parties who are responsible for WTAMU Information Resources.


  • Security incidents shall be promptly reported to immediate supervisors and the University Information Security Officer. Security incidents that require timely reporting include those events that are assessed to:
    • Propagate to other state systems;
    • Result in criminal violations that shall be reported to law enforcement; or
    • Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information as defined in §521.002(a)(2), Business and Commerce Code, and other applicable laws that may require public notification.
  • If the security incident is assessed to involve suspected criminal activity (e.g., violations of Chapters 33, Penal Code (Computer Crimes) or Chapter 33A, Penal Code (Telecommunications Crimes)), the security incident shall be investigated, reported, and documented in a manner that restores operation promptly while meeting the legal requirements for handling of evidence.
  • Incidents shall also be reported to the appropriate Texas A&M University System offices based upon the Notification Matrix maintained by the System Chief Information Security Officer.
  • Depending on the criticality of the incident, it will not always be feasible to gather all the information prior to reporting. In such cases, incident response teams should continue to report information as it is collected.
  • Summary reports of security-related events shall be sent no later than nine (9) calendar days after the end of the month. The University shall submit summary security incident reports in the form and manner specified by the department. Supporting vendors or other third parties that report security incident information to WTAMU shall submit such reports to the University in the form and manner specified by the department, unless otherwise directed by WTAMU.