Reporting Information Security Incidents to Outside Authorities

You may be obliged to report certain Information Security incidents to external authorities, such as regulatory bodies for your industry, third-party associates (for example, your ISP) and law enforcement agencies. The responsibility for making such reports usually lies with senior management.

  • Your organisation may unwittingly be aiding or abetting an offence by not reporting an Information Security incident to outside authorities. Future investigations could lead back to your organisation as the source of the offence.

  • Identify the relevant bodies, and ascertain how to contact them, so that you are prepared for any future eventuality.
  • Consider the following authorities:
      1. A regulatory body associated with your industry (Banking, Medical, Engineering).
      2. Local law enforcement agencies (for cases of pornography or fraud, etc.).
      3. Trading and Standards Offices.
      4. Your own organisation - in the case of law enforcement agencies or Defence.
      5. Data Protection Coordinator.
      6. FAST (Federation Against Software Theft) or the BSA (Business Software Alliance) for copyright offences.
      7. CERT® Coordination Centre.


  • Consider using a specialist Information Security organisation for investigations, if you lack in-house expertise.
  • Consider carefully the validity of any evidence collected before reporting it to a third party.
  • You may need to take legal advice about the severity of the offence before proceeding.

Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement