INCIDENT FOLLOW-UP REPORT

5350.3 INCIDENT FOLLOW-UP REPORT
(New 03/08)

Each agency having ownership responsibility for the asset (SAM Section 5320.1) must complete an Agency Information Security Incident Report (SIMM Section 65C) for each incident. The report is signed by the agency's director, Information Security Officer, and Privacy Officer if needed. Submit the report to the Office within ten (10) business days from the date of notification.

Any incident involving personal identifying information may require the agency to notify the effected individuals and additional reporting may be necessary for agencies that must adhere to Health Insurance portability and Accountability Act (HIPAA) requirements. Refer to the California Office of HIPAA Implementation (CalOHI) Policy Memorandum 2006-77 which can be found on the CalOHI website at http://www.ohi.ca.gov/.

The Office may require that the agency provide additional information in conjunction with its assessment of the incident.

AUTHORITY STANDARDS GUIDANCE FORMS TOOLS

Back to Information Security (Office of Information Security and Privacy Protection) (Section 5300)

Next Section

Quick Links

SAM - Chapter 5300