Information security incident guidance for health and care organisations

Guidance on recognising information security incidents and dealing with them appropriately, to reduce any damage they cause and to learn lessons that help prevent or mitigate similar incidents in the future.

Guidance covers:

  • defining information security incidents and data breaches
  • putting in place proper reporting and analysis of, and response to, incidents
  • learning lessons from incidents and specific reporting duties

Information security incident: example policy

This template policy is designed to be used in health and care organisations to ensure that good information security response management, including learning lessons and reporting requirements, is in place and is tested regularly.

Last edited: 31 October 2018 5:54 pm