In the event of a data security event or incident, the Project Director, listed SPARCS contact(s), organizational representative, or CISO must immediately contact the SPARCS program, detailing the nature of the incident and the data involved.
Reporting an event or incident must be done through the "I need to report a SPARCS data event or incident" Zendesk form.
The following situations would require a ticket to be submitted to the SPARCS team:
- The data is secure, but not restricted to approved users
- Project users have been accessing the data without a completed DUA
- Accidental data transfer within the same institution
- Non-malicious failure to follow data-handling procedures
- Unapproved data storage location (still secure/encrypted)
- Unauthorized access to SPARCS data
- SPARCS data has been posted publicly without approval
- SPARCS data has been shared externally
- Confirmed cybersecurity incident at the organization
- Ongoing cybersecurity incident at the organization
- Loss or theft of devices with SPARCS data
Additional information can be found in the Data Security section of the Data Governance Policy and Procedure Manual, and any questions you may have can be submitted through the "I have a general question for the SPARCS team" Zendesk form.
Your transparency and active follow-up in cyber-related incidents are very much appreciated.