sirf guide

7/28/2019 Sirf Guide

1/6

NSTS SECURITY INCIDENT REPORTING SCHEME - GUIDELINES FOR USERS

Author: Sally Holman Version: 5Authority: Alan Smith 22 September 2003

Contents Page

1 INTRODUCTION

2 This document provides an introduction to the procedure to be followed by users of

the NSTS in reporting any security incidents. Note that the reporting of securityincidents in relation to NHSnet is not covered by this document, as this the subjectof a separate procedure.

3 WHAT TYPE OF ACTIVITY SHOULD I REPORT ?

4 Any violation of the NSTS Security Policy and the related Access and SecurityProtocols. The range of potential security incidents is extremely broad and includes,but is not limited to, those incidents which have had or could have had a knock-oneffect upon the disclosure, denial of access to, destruction or modification of NSTSdata. In practice, an incident could relate to any facet of the NSTS Security Policyor Access and Security Protocols.

5 WHY SHOULD I REPORT A SECURITY INCIDENT ?

6 The NSTS Security Policy requires you to report any security incident.

7 The Schlumberger Sema Help Desk will provide a reliable, single point of contact forincident reporting, including security emergencies, relating to the NSTS. When youreport an incident to Schlumberger Sema, they will be able to provide pointers toappropriate user or technical documents and offer suggestions on recovering thesecurity of the NSTS. Thus, depending upon the nature of the incident you mayreceive technical assistance from Schlumberger Sema.

8 Schlumberger Sema will receive incident reports from throughout the NSTS usercommunity. By reporting your incident, you allow Schlumberger Sema to relateincidents with similar characteristics, thereby helping them to identify and respond toany areas of vulnerability, or to identify any areas where greater user awareness isneeded.

9 Your report will also allow better statistics on security incidents to be kept.

10 Finally, reporting any security incidents is part of being a responsible user of theNSTS.


2/6

NSTS Security Incident Reporting Scheme Guidelines for Users NSTS

11 WHO SHOULD I REPORT THE INCIDENT TO ?

12 Your Caldicott Guardian/Delegated Authority (or appointed local IM&TSecurity Manager)

13 It is recommended that you report any incidents, which you think, may affect thesecurity of the NSTS to your Caldicott Guardian/Delegated Authority, or local IM&TSecurity Manager if this is deemed to be more appropriate.

14 Schlumberger Sema Help Desk

15 All security incidents should be reported to Schlumberger Sema through the HelpDesk, who will log the call, categorise it and contact the Schlumberger Sema NSTSSecurity Manager.

16 NHS Number Programme Security Manager

17 The NNP Security Manager will automatically be copied on any reports you send tothe Schlumberger Sema Help Desk.

18 WHAT SHOULD I INCLUDE IN MY SECURITY INCIDENT REPORT ?

19 Security Incident Reporting Form

20 When you report a security incident, it is important to ensure that you provideenough information for Schlumberger Sema to be able to understand and respondto your report. The NNP Security Manager and Schlumberger Sema NSTS SecurityManager have jointly developed a Security Incident Reporting Form designed tohelp you in reporting a security incident. This form prompts you for all the

information discussed below in an organised manner and is reproduced as anAnnex to this document.

21 In order to ensure that users can report security related incidents in confidence, noinformation about a user organisation's involvement in a security incident will bereleased without their explicit permission.

22 Information about how to contact you

23 In order to ensure that Schlumberger Sema is able to contact you, please provide asmuch detailed contact information as you are willing to disclose. Apart from your e-mail address and telephone number, please supply, if possible, your address, mobile

phone number, pager number, or other means of contacting you. It is also a goodidea to provide an alternative contact at your site.

24 Description of incident

25 One of the most important parts of any security incident report is a description of theactivities leading up to the security incident. Please provide as much information aspossible about the circumstances prevailing at the time, including the facilities inuse, how the incident came about, how it was detected etc.

26 Note, however, that you SHOULD NOT include in your report any information thatwould identify a specific patient or NSTS user.

22 September 2003 Page 2 of 6 Version 4


3/6


27 Aspects of the NSTS Security Policy violated

28 Whenever possible, you should try to relate the incident to those aspect(s) of theNSTS Security Policy and related NSTS Access and Security Protocols which youbelieve may have been compromised. This is best achieved by quoting the sectionname and paragraph numbers of these documents, which are maintained at theNSTS web site on http://www.connectingforhealth.nhs.uk/nsts.

29 Extracts of audit reports

30 Audit reports can be helpful in providing additional background to security incidents.Whenever possible, include these if they provide more detail than your description.Section(s) of reports not related to the reported security incident should be removedto help avoid confusion. You should also blank out any information on the reportthat would identify a specific patient or NSTS user.

31 Seriousness of the security incident

32 It is necessary to prioritise security incidents. Any major incidents, especially thoserelating to any unauthorised disclosure of information, will be consideredemergencies. Although the description of the security incident can be very valuablein helping to prioritise a response, please take a few minutes to make your ownjudgement about the seriousness of the incident using the simple pro-formaprovided.

33 HOW SHOULD I REPORT AN INCIDENT ?

34 You may report a security incident to the Schlumberger Sema Help Desk by:

(1) Telephone on 0121 788 4001;

(2) Fax. on 0161 601 7515.

35 In any event, you should submit a completed Security Incident Report form.

36 WHEN SHOULD I REPORT AN INCIDENT ?

37 The NSTS Security Policy requires that security incidents be reported as and whenthey occur. Reports sent very shortly after the incident are likely to be the mostvaluable, but even if there is a delay between an incident occurring and youdiscovering it, please send in your report.



4/6


NHS Strategic Tracing ServiceSecurity Incident Report Form

(Please Read Covering Text Before Completing This Form)

Date and Time of Report:

Date and Time of Incident:

Contact Details:

Description of Incident:

Aspects of Security Policy Violated

Extracts of Audit Reports



5/6


Seriousness of Incident (Impact)Type of Impact

Yes/No

Disclosure of Information

Denial of Access to Information

Destruction of Information

Modification of Information

Seriousness of Incident (Severity)

Severity Level

Types of Incident

2 Major Security Incident

Media tape loss

Personal information abused/disclosed

Security vulnerability

Small-scale data disclosure

Widespread data disclosure

Small-scale data corruption

Widespread data corruption

3 Minor Security Incident

Correspondence missing

Incremental update late

Login failure

Possible vulnerability

Session left unattended

System-generated message



6/6


For NNP Security Manager and Schlumberger Sema NSTS SecurityManager use only

Explanation for incident:

Date resolved:

How incident was resolved:

Action taken to prevent future incidents:


sirf guide

Documents