The Incident Reporting Tool User Guide
Contents
1. 1G Incident ID Search by IG Incident ID e g 123 Home rr Local SIRI ID Search by local SIRI ID use as wildcard News Incident Type v Bath option only returns incidents which are both IG amp Cyber incidents Change Requests Incident Date From Loo ef To B Incident Status v From EE To 3 Assessments anand Reportable Incidents Not Yet _ Pa K m Clinical Safety Aspect _ Incident Notified Reports Media Aware v Incident Reporting Resources afer Search Information Mapping Displaying 5 mcident s Export to Exce Admin Summary of Incident Publications pane Help 11Feb15 IGV3150 2 nla Open test info Edit 10 Feb 15 CSI3154 nla 2 Duplicate test data 2 Edit 10Feb15 IGCSI 3151 2 2 Withdrawn test info Edit 09Feb 15 CSI3159 nla 2 TBC Open test data Edit ogFeb 15 CSI349 na o Open _ test info Edit ma Naeem VO 3 You will be taken to the incident details page Update the relevant field s e g if you change the Data Subjects orusers Not Known V Status field from Open to Closed and enter a reason Police informed Not Known for the change in the reason for change field at the Actions Taken bottom of the page Lessons Learned 4 Click the save button and the page will refresh Your updates will then be saved and will also appear EA in the previous changes log at the bo2. i s ED ROTO x J incidents Reporting User Name Forename Surname James Burleigh 9 Email james burlesgh nhs net b7 r x7 ator Telephone 0113 397 xxxxx A Created 28 01 2015 11 44 57 HSCIC James Burleigh Sa stteigh Update Home Accessibility Contact Us About Information Governance Toolkit eH Department equirements J Organisation User Last Updated 28 01 2015 11 44 57 HSCIC James Assessments Gancet Delete pitsio Bu Publications C The Incident Reporting Tool landing page 6 If a new user is enrolled as an Organisation Administrator then the Incidents Reporting User tab will be automatically ticked which will give them access to record incidents unless the user opts out of Incident Reporting permissions by un ticking the tab 7 All Organisation Administrators are automatically assigned Incident Reporting user rights unless they decide to opt out 8 The Organisation Administrator will need to repeat the process for adding a new Incident Reporting User above for each user that they want to grant access to the Incident Reporting Tool There are 3 areas available to Incident Reporting Tool Users and supporting guidance information See screen shot below Information Governance Toolkit Incidents this allows users to create a new search edit or ee ERPE i close an existing incident record Organisations can view a Vanessa Incident Reporting Kaliapermall Acut
3. Publications Hein 2 To select the period of time the report is required to cover the user needs to choose either Please choose the quarter to report on or choose a specific period to report on 3 Next select whether you would like to view a summary report of all incidents which have occurred during the period selected or a summary report of all incidents which were closed during the period selected 4 Once you have selected the period of time the report is required to cover and whether you would like to report on all incidents or closed incidents only split by IG SIRIs or Cyber SIRIs select the order that you would like the report to be displayed by either by SIRI level or date the incident occurred closed click the Show Report link to view the selected report 13 V12 3 Final May 2015 The Incident Reporting Tool User Guide information Governance Toolkit You are here Incident Reporting gt Incidents Date Range Report Vanessa Incidents Date Range Report Kaliapermall Acute Log Out Please choose the quarter to renort or TAII Quarters v PEE Closed IG SIRI Incidents All Cyber SIRI Incidents Home Or choose a specifi Closed Cyber SIRI Incidents 01 04 2011 E To os 02 2015 E Show All IG SIRI Incidents Vv Ordered By IG SIRI Level v Show Report Ordered By G SIRI Level W Show Report rom News Change Requests Assessments Abou
4. e Checklist guidance for Reporting Managing and investigating IG incidents SIRIS Guidance informing Heath of the ongoing requi Assessmen ts and Social Care services irement to report manage and investigate IG SIRIS and how Pubi nn Statement Pri incident Reporting icatio ovides information about the IG SIRI reports to be published via the IG Toolkit and by when esources Information Mapping Admin Publications Help tt Information Governance Toolkit You are here incident Reporting gt Incidents Vanessa Kaliapermall Acute 2 Complete the relevant fields of information you would like to perform a search based upon under Search by IG Incident IO e g 123 Local SIRI ID Search by local SIRI ID use as wildcard Home News Change Requests Assessments Resources Information Mapping Admin Publications Help Reports Incident Reporting cee in gt Incident Type C Incident Date From To From 3 To a Clinical Safety Aspect _ y Both option only returns incidents which are both IG amp Cyber inadents Incident Status v Summary of Incident Reportable Incidents Not Yet Notified Media Aware v There are no incidents found matching your criteria Page Processing Time 0 45 seconds Page Resse Time 0 24 second the General tab at the top of the screen The Data Loss Data Breach tab
5. graphs and Statistics e Guidance materials already described in this User Guide can be found on the Incident Reporting landing page when you click on Incident Reporting tab on left side menu when logged in See screen shot below e If Users have any queries regarding this tool they should submit via the IG Toolkit helpdesk service by going to the Help section and completing the online form under Contact us Select the appropriate category Incident Reporting Tool under the Subject field to ensure your query goes to the correct team for a response Vanessa Kaliapermall Acute Log Out Home News Change Requests Assessments Reports Information Governance Toolkit You are here Incident Reporting Incident Reporting e Incidents Edit and enter new incidents e Incidents Organisation Summary Report e Incidents Date Range Report Guidance and Information Incident Reporting a Resources View a report of all incidents within a selected date range View IGT assessment performance and incident details over the last 12 months i ent e ongoing requirement to report manage and investigate IG SIRIS IRI reports to be published via the IG Toolkit and by when Information Mapping Page Processing Time 0 02 seconds Admin Publications Help Page Render Time 0 11 seconds 16 V12 3 Final May 2015 The Incident Reporting Tool User Guide Annex
6. Dear Colleague This is an automatic notification to inform you that the following incident s have not been updated for 80 days or more IGI xxxxx IGCSI xxxx CSI xxxx IGCSI xxxx If you would like the incident s to remain open you will need to update the incident s before date If no update is made the incident s will automatically be closed 10 days after this email was sent You will be sent a confirmation e mail at the time of Closure Kind Regards Information Governance Toolkit Incident Reporting Tool 23 V12 3 Final May 2015 The Incident Reporting Tool User Guide Change Log es OY O A Cancel u Save Previous Changes Reason for Change 15 05 2015 11 18 30 System Account Automatic System Closure due to inactivity HSCIC 24 01 2015 09 49 09 Tori Pottersley REM Initial creation of incident Auto closure Notification Email Details Date Sent Email Type Notification Email Recipients 15 05 2015 11 18 30 Confirmation someone madeup com vicky potter hscic gov uk 15 04 2015 09 56 37 Warning someone madeup com vicky potter hscic gov uk 24 V12 3 Final May 2015
7. Duration of Cyber From time of incident incident to a current system clock or b end time Local SIRI ID The incident number or name identifier as displayed on the organisation s local incident management tool e g STEIS or equivalent If there is no local SIRI ID then enter as none Related Incidents This is the incident Recorded on IGT reference number or Local System ID fora related but Number not the same SIRI or Cyber incident either within this tool or a local system Breach Type Corruption or v V inability to recover electronic data Disclosed in error in tt Lost in Transit Lost or Stolen Hardware Lost or Stolen 18 V12 3 Final May 2015 Cyber Incident Type How identified Summary of incident Detail of Incident The Incident Reporting Tool User Guide Paperwork Technical Security failing including hacking Unauthorised Access Disclosure Uploaded to website in error Other Hacking DOS Phishing Mails Social Media Disclosures Web site defacement Malicious internal damage spoof website cyber bullying other please specify Anti Malware Audit External Notification Firewall Intrusion Detection System System Logs Other This section should provide a brief factual and concise description of what happened This may be displayed in high level reports and may be made available in the public domain therefore this section must not
8. Organisation Summary Report View IGT assessment performance and incident details over the last 12 months Home e Incidents Date Range Report View a report of all incidents within a selected date range News Change Requests Guidance and Information e IG Incident Reporting Tool User Guide Assessments User guide for incident reporting showing how to navigate around and use the Incident Reporting tool features reports etc hecklist guidance for Reporting Managing and Investigating IG Inciden R Guidance informing Health and Social Care services of the ongoing requirement to report manage and investigate IG SIRIS and how Reports Incident Reporting e Publication Statement Provides information about the IG SIRI reports to be published via the IG Toolkit and by when Resources Information Mapping Page Processing Time 0 02 seconds Admin Publications Help 7 V12 3 Final May 2015 The Incident Reporting Tool User Guide DH Home HSCIC Home Accessibility Contact Us About i 2 Navigate to the relevant incident either from this list Information Governance Toolkit on the screen or by using the General Data Loss or You are here Incident Reporting gt Incidents J Cyber Security search tabs facility and click on edit J Burleigh i Create A New Incident z aeaea mcidents against the incident you wish to update General Data Loss Cyber Security
9. found on the IG Toolkit home page under Publications and users should make every effort to report the level 2 incident in line with this guidance Please note the tool is set up to ensure maximum information is provided therefore the incident cannot be saved unless all the mandatory fields are populated A warning message at the top of the screen in red text will offer guidance where mandatory fields may not have been populated certain information is unknown then use the Not known categories where available or select the option which best represents the current position As soon as information is known please update the record INFORMATION BOX e The completion of the online reporting form should be quite straight forward and should not take much time to complete e Additional useful guidance on Breach Types definitions and examples and assessment of the incident severity can be found within the Checklist Guidance for Reporting Managing and Investigating Information Governance Serious Incidents Requiring Investigation IG SIRI including Cyber SIRI Incidents Annexes found on the Incident Reporting Tool landing page B Updating or editing an existing incident To update or edit an incident the user needs to follow the process below 1 Click on the Incidents Link Information Governance Toolkit You are here Incident Reporting Vanessa Kaliapermall Acute ditar Enter e Incidents
10. or advanced search facility and click on edit against the incident you wish to close 3 Update the status field as shown below to Closed and ensure all the fields under Post Incident Details section Information Commissioner s Office Information section and the Local SIRI ID field are populated with the latest position Click the save button to save the change of status Please note The lessons learned and Actions taken fields are particularly important upon closure of an incident so that we can learn from experience and identify gaps or requirements for further guidance to support the improvements to performance regardin incidents and hopefully work proactively to prevent incidents from reoccurring Once an incident has been closed the lessons learned and actions taken fields can still be updated to accurately reflect any additional lessons actions implemented since the incident was closed These incidents will be included within reports published on the IG Toolkit Publications page so ensure that the information is accurate includin rammar and spelling and does not include anything which ou would not disclose under the Freedom of Information Act 2000 Admin Note indicates a required field Publications incident Subject Details Help 1D 1603144 9 Cyber Security SIRt Please indicate what type s of incident you are reporting 1G SIRE A
11. A Cyber SIRI and IG SIRI fields The following map shows which fields are Cyber SIRI specific and which are IG SIRI specific Section Fields VELIUT MEE LAY Cyber Incident Subject Details or Pop up box Cyber Security SIRI Yes No IG SIRI e a rs a ee a Clinical Safety Checked indicates V Aspect the incident has an impact on patient safety or provision of clinical care Details of the clinical safety issue must be recorded on your dedicated local incident management systems and not within the IG Incident Reporting Tool Only record details of the incident which are non clinical in this tool e g about the data loss The local SIRI ID field should be used to record the identifier for the local system so that the reports can be linked tracked if required National System s Whether this or Network incident impinges Affected upon a national system such as Spine 2 NHS Mail or a national network such as N3 Details of Free Text v System s or Network Affected Y Y Organisation details EEE eee eee Taken fromlogin fF 17 V12 3 Final May 2015 S The Incident Reporting Tool User Guide Role Taken from login General Details rawn Duplicate Cyber Reporter Internal Staff Technical Exterior gt gt People Technical Member of the Public Third Party Contractors Other Time of Cyber Time Pern End date of Cyber Date maen o End time of Cyber Time p fe
12. Clinical Safety Aspect v Note do not record clinical of patient detaits within this tool General Details Status Open The incident is under investigation Date of incident Closed The incident has been investigated and no further action required Duplicate The same incident has been entered onto the database more than once e Withdrawn The incident is no longer considered a Serious Incident Requiring Investigation or was reported in error Local SIRI ID Test Breach Type Lost in Transit vO Summary of incident Lost Detads of Incident Lost Severtty Detats 1G SIRI Levet Level 2 Confirmed IG SIRI that must be reported to ICO amp DH 0 If the incident has found not to have occurred or severity is reduced due to fortunate events which were not part of pre planned controls this should be recorded as a near missinon event by bciing the ahaauhaniaiha iat Thiet amshioioe aeinnmnd asinine ta tala mines nd smmanmaialn 4 Click the save button and the page will refresh The updates will then be saved and will appear in the previous changes log at the bottom of the page as described above under Updating or editing an existing incident Please note that this screen and content recorded within it can be exported to Word and saved as an attachment to escalate incidents to internal senior V12 3 Final May 2015 The Incident Reporting Tool User Guide management IG Lead Senio
13. D is not adequately monitored 11 207 Inadequate information sharing protocols in place 11 209 Overseas transfers of PID may not comply with e The IG Delivery Notes about the Organisation section at the bottom of the page is read only for Organisations as this is an area for HSCIC and DH to note any particularly important information about the organisation which may be relevant when monitoring performance It is an optional field to be used by HSCIC colleagues only on behalf of the DH or ICO If no notes are recorded against your organisation then this section will not appear e The IG Key Staff Contact Details are auto populated from your organisation s latest entry against the IG Toolkit assessment summary screen usually kept up to date by your local IGT Organisation Administrator and are only there for reference if in case there is an major incident which requires the involvement and escalation to Senior Management within your organisation When any changes are made to these details within the assessment summary screen the updates will be reflected in this report within a few minutes If there are no details displayed under the IG Key Staff Contact Details section on this screen then you may wish to request your IG Toolkit Organisation Administrator populates the relevant section of the Assessment Summary screen or via the Admin Organisation Profile section of the Toolkit e This report is exportable to Word so that incident
14. Date range reports to allow for quarterly all time or specific date range reports These can be viewed online or exported to Word or Excel o Automated notification emails to the national bodies e g DH HSCIC and ICO as appropriate O O Further information on the requirement to report manage and investigate Incidents can be found on the Incident Reporting Tool landing page called Checklist Guidance for Reporting Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation this document is found in the Publications section on the home page B How to access the Incident Reporting Tool All IG Toolkit Organisation Administrators for all organisation types are automatically assigned Incident Reporting user permissions They can choose to opt out and they can grant permissions to other users to have access to the Incident reporting rights Once these permissions have been granted the user will see the Incident Reporting tab on the left side menu when logged into the IG Toolkit home page Other members of the organisation who require access to this tool should contact their local IG Toolkit Organisation Administrator The steps an Organisation Administrator need to take to grant Incident Reporting permissions to other users are Login to the IG Toolkit Click on the Admin tab on the left side menu 1 2 3 4 5 Select the User Admin option Then eith
15. G Toolkit website when permissions are granted The NCSP is managed and coordinated on behalf of Government by the Office of Cyber Security and Information Assurance in the Cabinet Office under the oversight of the Minister for the Cabinet Office https www gov uk government policies keeping the uk safe in cyberspace 1 V12 3 Final May 2015 The Incident Reporting Tool User Guide All Organisation Administrators are automatically given permissions to access the Incident Reporting section of the IG Toolkit but they can withdraw access if not required Organisation Administrators can also grant permissions for additional Incident Reporting Users via their Organisation Admin section Organisations can only see incidents recorded against their organisation code They cannot view other incidents until information is published on the IG Toolkit website The Incident Reporting Tool provides features and functionality such as o Adding a new incident o Updating existing records of incidents o Notifying a Level 2 SIRI now or save to notify later o Recording authorisation to report a SIRI e g a note of approver s name and role such as the SIRO or Caldicott Guardian This can be marked as Not required if the person providing the notification has been given the authorisation already by the SIRO or other approver Marking incidents as duplicates or withdrawn if added in error Exporting details of individual incidents into a Word document o
16. SIRI reports to be published via the IG Toolkit and by when Resources Information Mapping Admin Publications Clinical Safety Aspect Yes 3 Check the Reopen Incident box and enter details A on the reason for change in the field at the bottom of D e the page then click the save button towards the _ _ a bottom of the screen to reopen the incident as Details of incident Lost demonstrated in the two screenshots below Severity Details IG SIRI Levet Level 0 Near missinon event The incident has found not to have occurred or severity is reduced due to fortunate events which were Not part of pre planned controts Scale of incident if the scale of the incident is not known it is necessary to estimate the maximum potential scale point information about 101 300 individuals Sensitivity Factors Sensitivity factors assigned as below Low Sensitivity Factors e information readily accessible or already in the public domain or would be made available under access to information legislation e g Freedom of information Act 2000 Actions Taken 9 test Lessons test hahd Leares 4 The screen will refresh and the incident will appear now with an open status formation Commissioner s Office ICO information ICO Informed ICO Action Date 16 10 2013 SJ ICO Action Enforcement Notice v ii l g Reason for re opening a closed incident to edi Change Cancel Reason f
17. The Incident Reporting Tool User Guide The Incident Reporting Tool User Guide This guide provides an overview of how to access and use the IG Toolkit Incident Reporting Tool Please note that the screen shots in this guide are taken from our test site which is indicated by the yellow bar at the top of each screen shot In the production application users will see the pages in the sections 1 to 4 without the yellow banding at the top of the page To make the guide easier to follow it has been split into four main sections 1 About the Incident Reporting Tool 2 How to Create Update and Close an Incident 3 How to Generate Reports 4 Where to go for Help 1 About the Incident Reporting Tool Incident Reporting Tool Overview How to access the Incident Reporting Tool The Incident Reporting Tool landing page Of gt A Incident Reporting Tool Overview The Incident Reporting Tool is an online tool hosted on the secure Information Governance Toolkit website e Itis the Department of Health DH and Information Commissioner s Office ICO agreed mechanism for Health and Social Care organisations to report data breach incidents e It is the Department of Health DH and National Cyber Security Programme sponsored reporting mechanism providing Health and Social Care sector a facility to report Cyber Security Serious Incidents Requiring Investigation Cyber SIRI e Accessible by all organisations registered with the I
18. allows you to search by data fields relevant to IG SIRIs and the Cyber V12 3 Final May 2015 The Incident Reporting Tool User Guide Security tab allows you to search by data fields relevant to Cyber SIRIs Once you have set the search criteria click the Search button to retrieve your results Use the Reset option to clear the search and start search selection again Home News Change Requests Assessments Reports Incident Reporting Resources Information Mapping Admin Publications Help IG Incident ID Search by IG Incident ID e g 123 Local SIRI ID Search by local SIRI ID use as wildcard Incident Type y CBoth option only returns incidents which are both IG amp Cyber incidents Incident Date From 3 To Incident Status v From a To 3 Summary of Incident Reportable Incidents Not Yet Notified _ Clinical Safety Aspect _ Media Aware v Reset earl Displaying 1 neden Epone exe gt Date of IQ IG SIRI Status Summary of Incident evel Incident Y 02 Feb 15 1GV3144 2 TBC Open Lost Eat Page Processing Time 0 55 seconds Page Render Tene 0 25 seconds 4 Where to go for help 3 The results of the search will be displayed in the box at the bottom of the page You can then click the Export to Excel link if you wish to export these into a spreadsheet format Pivot tables in Excel can be used to convert the data into charts
19. ance for staff 11 202 Inadequate legal basis for secondary uses of data 11 203 Servce users not adequately informed about use of their data 11 205 Subject access requests are inadequately supported 11 206 Access to confidential PID is not adequately monitored 11 207 Inadequate information sharing protocols in place ai saathi 44 AAA Aasaaa isasalasa of NIN asan sai aasma ia 11 V12 3 Final May 2015 The Incident Reporting Tool User Guide Cyber Security Incident Organisation Summary Report Acute Acute IG Key Staff Contact Details IG Lead SIRO Caldicott Guardian Aspects of IG Cyber Security Incident Details Cyber ny Cyber Incident Internet Clinical Safe Information Governance Date SIRI Type Facing Aspect Management Level 021022015 101 Inadequate framework for managing IG 105 Gaps weaknesses in IG Policies and or strategies 110 Inadequate contractual arrangements with suppers 111 Inadequate employment contracts 112 Not all staff are appropriately trained in IG Confidentiality and Data Protection Assurance s 11 200 Inadequate access to confidentiality and data protection expertise 11 201 Inadequate confidentiality guidance for staff 11 202 Inadequate legal basis for secondary uses of data 11 203 Servee users not adequately informed about use of thew data 11 205 Subject access requests are inadequately supported 11 206 Access to confidential PI
20. ber Security related Incidents within a selected quarter or date range and export data into Excel or Word V12 3 Final May 2015 The Incident Reporting Tool User Guide 2 How to Create Update or Close an Incident How to create and complete a new Incident Updating or editing an existing incident Closing an incident Re opening an incident Dop A How to create and complete a new Incident information Governance Toolkit 1 When logged in click on the Incidents Link found on the Incident Reporting left side menu tab You are here Incident Reporting Vanessa Incident Reporting Kaliapermall g enter new incidents e Incidents Organisation Summary Report Home ee EREE 2 Alist of any recorded Incidents will appear on the View a report of all incidents within a selected date range 5 News screen with an option to export to Excel or click ie nas Si through to edit an existing Incident record and the total number of incidents recorded for your Organisation on this Tool to date If there are no e Publication Statement i e Provides information about tne IG SIRI reports to be publshed via the IG Tool and by when incidents reported then this screen will be blank with a link to Create a new incident only Change Requests IG Incident Reporting Tool User Guide User guide for Incident reporting showing how to navigate around and use the Incident Reporting tool features reports etc i
21. e Department of Health and HSCIC will receive notifications of ALL Level 2 Cyber SIRIs If the Cyber incident is also classed as a Level 2 IG SIRI the ICO will be notified of the IG SIRI information but not the cyber information entered e Further Help on the data entry fields is provided where there is a symbol Information Governance Toolkit e You are here Incident Reporting gt Incidents gt New Incident Vanessa Kaliapermall Acute Log Out Incident Details IMPORTANT DISCLAIMER nous e The Department of Health and the Information Commissioner s Office will automatically receive notifications of ALL Level 2 SIRIs which you choose to notify when they are saved on this tool Therefore all notified level 2 IG SIRIS in particular shoul News kept up to date so that DH and ICO have view of progress from the initial opening of the incident to closure See Checklist Guidance for reporting managing and investigating IG SIRIs and IG Incident Reporting Tool User Guide for further detail Allinformation recorded under a Closed IG SIRI on the IG Toolkit Incident Reporting Tool will be published quarterly by t Health and Social Care Information Centre HSCIC Organisations must therefore check the content recorded within the IG Incident report before closing the record to ensure that you do not include any information that you would not normally prov or publish yourself if requested under the Freedom of Informat
22. e e Incidents Edit and enter new incidents Incidents Organisation Summary Report total number of Incidents recorded export a full list of incidents into Excel extract individual reports of each incident export individual incidents into Word and sort the View IGT assessment performance and incident details over th last 12 months columns of the sea rched data as preferred Home e Incidents Date Range Report s 7 ea repor of al nels wt Incident Organisation Summary Report presents a report ews ers Kee on IG or Cyber SIRIs exportable in Word format which Glen Reporng Too User Gude could be used to inform senior management Boards or Assessments User guide for Incident reporting showing how to navigate around and use the Incident Reporting tool features reports etc z Ceci nes ets Vc a beng ct interested Committees of any incidents which have been Reports a oa ee S ee recorded in the last 12 months and an overview of the mS e ee E organisation s latest published IG Toolkit performance This Resources report also displays the latest recorded senior management Information Mapping Scant details entered by in most cases the Organisation Page Render Time 0 11 seconds Admin Administrator via the IG Toolkit Assessment Summary Publications Screen Help Incident Date Range Report This area allows Incident Reporting Tool Users to run summary reports of all IG or Cy
23. ents The message will keep displaying each time you Save an update to the record and until you mark the incident for notification or change the severity level 10 The incident must not be left in Level 2 TBC e g Notify later status for a long period Ensure you report in accordance with the HSCIC guidance supporting the use of the Incident reporting Tool 11 The user may forward the incident for authorisation that an approver agrees that it is a level 2 notifiable incident Once the approver agrees that it s a level 2 notifiable incident the user may mark the incident Approved field as appropriate e g Yes No or Not Required Complete the Approver Name and Approver Role fields and then save the incident after selecting Notify now It is a local organisation decision to seek authorisation or not This is not mandatory as organisations devolve responsibilities in a variety of ways but it was upon request of users that this function would be very helpful whilst they assess the severity of the incident discuss with senior colleagues and then decide 6 V12 3 Final May 2015 The Incident Reporting Tool User Guide to notify This is probably more significant when there is a Level 2 IG SIRI which when confirmed is required to be notified to the formal regulator for Data Breaches of the Data Protection Act the ICO 12 Timelines for level 2 pending approval are as described in the latest SIRI Checklist guidance which can be
24. er click on edit against the relevant existing user s account or click on Add New User User access can be granted by ticking the Incidents Reporting User tick box and for new users you will also need to complete the name email and telephone details which are then e mailed to the user with the login ID and password 2 V12 3 Final May 2015 The Incident Reporting Tool User Guide Information Governance Toolkit DH pe sod You are here Admin gt Organisation Admin gt Edit ACUTEST gt User Admin gt Edit jabu James Burleigh User Details Admin NHS Connecting for Health IG team Home User ID jabu Roles M incidents Reporting User ner Fasian Sumame f James Burleigh C Information Mapping Admin Locked o C Information Mapping User C Organisation Administrator C Organisation Auditor News Email Requirements C Organisation Reviewer Telephone 0113 397 xxxxx E Organisation User ns Created 03 05 2013 15 35 06 NHSCFH James Burleigh Last Updated 03 05 2013 15 50 39 NHSCFH James Burleigh Bicas Delete Update _ Reports Incident Reporting lt E http igttesti de IGT UserAdminUserOetails aspx itk 4204268070008 O GS PPO Dynamic Resource Pools Edit jabu x ByConvert PP Select re here Admin gt Q tion Admin gt Edit ACUTEST gt User Admin gt Edit jabu Youa raanisea James Surieigh User Details Admin HSCIC IG Team User 1D ba
25. he tool ICO Action Enforcement Notice Undertaking Monetary Penalty etc ICO Action Date 22 V12 3 Final May 2015 The Incident Reporting Tool User Guide Appendix A Autoclosure feature for Closing SIRI and Cybersecurity Incidents The auto closure feature will automatically close incidents where no updates to an open record have been undertaken within the last 90 days Relevant incident reporting users will be notified by email 10 days in advance of planned auto closure and within 24 hours after closure The emails will be sent to all of the following persons a The person that created the incident record b The person that last updated the record c All organisation administrators who also are Incident Reporting users if not already one of the persons specified under a or b This functionality will help to ensure records are kept up to date or closed within a reasonable time frame It should be noted that any incident that has been auto closed can be re opened at any time Further instructions can be found in the incident reporting user guide available on the Help page Consideration should also be given to the quality accuracy and appropriateness of level 2 closed incident reports and the commitment HSCIC has to publication of information as specified within the IG Toolkit Incident Reporting Publication Statement found on the IG Toolkit Publication page User email notifications
26. include any personal sensitive or commercially sensitive information Further detail in addition to the incident summary should be documented e g V12 3 Final May 2015 The Incident Reporting Tool User Guide detail on when the incident occurred the types of records lost information e g Person Identifiable data items contained within it security measures in place or not how it occurred why and under what circumstances What are the risks etc Location s of For a SIRI incident Cyber Incident this would generally be the physical location however when the breach is located in cyberspace this may be more problematic If the location is undeterminable enter the location affected Internet Facing Whether the service service is internet facing or utilises an internet channel you can have a service that utilises internet channel but the service itself is not internet facing such as a file transfer service Severity Details IG SIRI level Level O 1 or 2 Scale of the As current incident Number of users or individuals affected Sensitivity factors List of Medium and High Factors Impact of Incident Confidentiality I 20 V12 3 Final May 2015 The Incident Reporting Tool User Guide Integrity Availability Clinical Financial Administrative Reputational Personal harm or distress Environmental Cyber SIRI Level Level 0 1
27. ion Act 2000 Other IG SIRIs marked as Open Withdrawn or Duplicate will not be published by the HSCIC e See the Publication Statement on the IG Incident Reporting Tool landing page or accessible via the IG Toolkit Knowledget for further detail e For Cyber SIRI notifications ALL Level 2 Cyber SIRIs only the Department of Health and HSCIC will be notified If the incident is also a Level 2 IG SIRI the ICO will be notified of the IG SIRI information but not the cyber information e Help is provided where there is a Change Requests Assessments Reports Incident Reporting Resources Information Mapping Admin Incident Subject Details Cyber Security SIRI Publications Please indicate what type s of incident you are reporting Help 5 The type of incident selected will determine the appropriate incident reporting form You will see the screen populate with the relevant data entry fields as you select an option For further details on which data fields apply for Cyber SIRIs or IG SIRIs see Annex A Where both are selected then all the data fields appear on the screen The data fields on this incident input screen contain dropdown lists to select from mainly some system generated fields and minimal free text fields for capturing more detailed information Please note Users are strongly advised to click on and read the context help symbols where displayed against certain data fields There is so
28. irement to report manage and investigate IG SIRIS and how Incident Reporting e Publication Statement Provides information about the IG SIRI reports to be published via the IG Toolkit and by when Resources Information Mapping Page Processing Tene 0 02 seconds Page Render Time 0 11 seconds Admin Publications Help IG Incident Organisation Summary Report 2 This presents a report exportable in Word format which could be used to inform senior management Boards or interested Committees of any incidents which have been recorded in the last 12 months and an overview of the organisation s latest published IG Toolkit performance The report column headings will be slightly different between IG and Cyber SIRI reports See an example of each to the left and below Acute Acute IG Key Staff Contact Details IG Lead SIRO Caldicott Guardian CEO Aspects of IG Compliant Data Loss Details IG SIRI Breach Clinical n Transit Information Governance anagement Concerns 11 101 Inadequate framework for managing IG 11 105 Gaps weaknesses in IG Policies and or strategies 11 110 Inadequate contractual arrangements with suppliers 11 111 Inadequate employment contracts 11 112 Not all staff are appropriately trained in IG Confidentiality and Data Protection Assurance Inadequate access to confidentiality and data protection expertise 11 201 Inadequate confidentiality guid
29. me useful information behind these defining categories warning regarding information recorded under certain free text fields and quidance on the type of information to be included under the data field 6 There are a total of 7 sections to complete in the incident report form e Incident Subject Details e General Details e Severity Details e Data Details e Post Incident Details e Information Commissioner s Office ICO Information V12 3 Final May 2015 The Incident Reporting Tool User Guide e Authorisation Only appears for incidents which meet Level 2 severity Please note The data fields which are marked with an asterix are mandatory fields which means the must be populated before the form can be saved or notified The screen looks like this Sr 7 After each field has been considered and ae eae populated the user can elect to notify a level 2 maoene ormaisene mT ereen incident by clicking on the Notify Now or a Notify Later options and then clicking on the Bocaranda GT or Loen 1 save button Incidents which are of a lower an E O severity do not view the Authorisation Cyber Incident Type Details section it is only relevant to Level 2 incidents If the user chooses to Notify Now an incident warning message will appear at this stage to inform the user that saving this incident will sane A 5 result in a
30. n email being sent to the relevant ai interested parties e g DH ICO HSCIC as appropriate How Identified Please Specify v Summary of Incident Details of Incident Internet Facing Service go Please select at least one impact Please note IG Level 2 SIRIs are sent to the HSCIC NHS England DH and the ICO Cyber Level 2 SIRIs are only sent to HSCIC and the DH 8 If the incident has been assessed at severity Level 2 in error the user will be given the opportunity to return to the incident record and amend the incident as necessary e g downgrade or mark as withdrawn or duplicate This will trigger another email to the notification recipients informing them that the incident is no longer classed as Level 2 SIRI 9 Therefore the system allows a user to choose whether to 1 save and report the level 2 incident immediately by ticking the Notify Now box see 5 above or 2 you can save the Level 2 incident to Notify Later This would allow users time to forward the incident to senior responsible managers e g the Caldicott Guardian or SIRO and seek authorisation to approve notification of the incident to the relevant DH and HSCIC Once Notify Later is ticked the message from webpage will display and say that the incident will be saved on the incident system but will not be notified to regulators The message is slightly different for IG and Cyber incid
31. navigate around and use the Incident Reporting tool features reports etc e Checklist guidance for Reporting Managing and Investigating IG Incidents SIRIS Guidance informing Health and Social Care services of the ongoing requirement to report manage and investigate IG SIRIS and how Reports Incident Reporting e Publication Statement Provides information about the IG SIRI reports to be published via the IG Toolkit and by when Resources Information Mapping Page Processing Time 0 02 seconds Page Render Time 0 11 second Admin Publications Information Governance Toolkit You are here Incident Reporting gt Incidents Incidents General Data Loss Cyber Security IG Incident ID Search by IG Incident ID e g 123 Local SIRI ID Search by local SIRI ID use as wildcard Incident Type Both option only returns incidents which are both IG amp Cyber incidents Incident Date From 2 To Incident Status v From ez To Ee hange Requests Summary of Incident Reportable Incidents Not Yet Notified _ Clinical Safety Aspect ssessments Media Aware v Reports Reset cident Reporting plis _ Search C J Displaying 1 incident s Export to Excel Resources formation Mapping Date of ID IG SIRI Status Summary of Incident Incident Y fel dmin 02 Feb 15 IGV3144 2 TBC Open Lost Edit 2 Navigate to the relevant Incident either from this list on the screen or by using the basic
32. ng IG IRI Assessments e Checklist guidance for Reporting Managing and Investigating IG Incidents SIRIS Guidance informing Health and Social Care services of the ongoing requirement to report manage and investigate IG SIRIS and how Reports Incident Reporting Resources Information Mapping Page Processing Tene 0 02 seconds Page Render Time 0 11 seconds Admin 3 To input a new incident click the Create a New Incident link top right of the screen Information Governance Toolkit Please note If the organisation has no incidents listed then this screen will be blank Vanessa Kaliapermall Acute Incidents 4 After clicking on Create a new Incident the Incident details screen will appear User must select the appropriate incident type e g Cyber SIRI IG SIRI or ene T if applicable you can tick both boxes You should also information mapping hoes ensure that you read the disclaimer at the top of the Admin ee screen in red text See example of text below 3 9 Summary of Incident Reportable Incidents Not Yet Notified Clinical Safety Aspect IMPORTANT DISCLAIMER e The Department of Health and the Information Commissioner s Office will automatically receive notifications of ALL Level 2 IG SIRIs which have been recorded and saved on this tool Therefore all notified level 2 IG SIRIs in particular should be kept up to date so that DH and ICO have view of progres
33. or 2 _ Cyber Baseline The scale of the Scale incident ranging from no impact on services false alarm individual or team department affected or multiple departments or entire organisation If unsure of which one of two levels please initially selected the higher one Cyber Sensitivity Aware that other Factors organisations have been affected Confidential information release non personal or 100 PCD Records Critical business system unavailable for over 24 hours Likely to attract media interest Multiple attacks detected and blocked over a period of 1 month Repeat Incident previous incident within last 3 months Require advice on additional controls to put in place to reduce reoccurrence Notified to Trusted Yes or no National Bodies 21 V12 3 Final May 2015 The Incident Reporting Tool User Guide Data Details Yes No Password Protected only Not Encrypted Known Not applicable Post Incident Details Media Aware ea Known Media Notes Data Subjects or Yes No Not Users Informed Known Not Required Planned Yes No Not Known Not Required Planned Root Cause Drop down and or Analysis Free text Drop down values patching level Firewall rules Antivirus malware coverage external attack internal attack other Please specify in RCA comments field RCA Comments ico Information Police informed ICO Informed Populated when Level 2 is notified to the ICO via t
34. or Change Lucas ACUTEST testing closure 23 10 2013 12 04 29 Vanessa Kaliapermall Test Show ACUTEST Changes 21 10 2013 09 33 05 Lucy Lucas ACUTEST test Show Changes 17 10 2013 09 32 42 Lucy Lucas ACUTEST testing edit of closed incident Show 16 10 2013 15 32 21 Lucy Lucas ACUTEST test Show V12 3 Final May 2015 16 10 2013 15 26 49 Lucy Lucas ACUTEST Initial creation of incident The Incident Reporting Tool User Guide 3 How to Generate Reports A Incident Organisation Summary Report overnance Toolkit rganisation Summary Report to Report On IG SIRI or Cyber Security Related Re po rt Incidents e page is the Incident Organisation Summary Report see G or Cyber Security Related incident details over the last 12 months 1 On clicking on the Incident Organisation Summary Report link the following screen appears You should choose which type of incident you wish to report on _Sesnen sneer ear nee i IG SIRI or Cyber SIRI then click on link Show report Guidance and Information News Change Requests e IG Incident Reporting Tool User Guide Assessments User guide for incident reporting showing how to navigate around and use the Incident Reporting tool features reports etc Reports e Checklist guidance for Reporting Managing and Investigating IG Incidents SIRIS Guidance informing Health and Social Care services of the ongoing requ
35. orting Tool 2014 027 Report of H amp 5C Closed Level 2 1G Serious Incidents April to June 2014 01 Report of H amp 5C Closed Level 2 1G Serious Incidents Jan to March 2013 04 Report of HASC Closed Level 2 1G Serious Incidents Oct to Dec 2013 03 Report of HASC Closed Level 2 1G Serious Incidents June to Sept Change Requests Assessments Reports Incident Reporting Resou rces Page Processing Time 0 08 seconds Page Render Time 0 20 seconds Information Mapping Admin Code of Practice Publications Cookies Policy Terms and Conditions Privacy Statement Copyright Statement Crown Copyright 27000 27010 C Database Search Report A search facility which you can use to run a search and then extract the results to a report if required is available on the Incidents The search will only search information held against your own organisation Information Governance Toolkit 1 Go to Incidents from the Incident Reporting You are here incident Reporting Vanessa Kallapermall Acute Incident Reporting home page al entog new incidents mmary Report formance and incident details over the last 12 months e inck ror View a report of all incidents within a selected date range News Change Requests Guidance and Information e Gincident Reporting Tool User Guide User guide for incident reporting showing now to navigate around and use the incident Reporting tool features reports etc
36. r Information Risk Owner SIRO Caldicott Guardian etc as required Note that the release of IG Toolkit v 13 will introduce an auto closure feature whereby incidents where no updates to an open record have been undertaken within the last 90 days will be closed Relevant incident reporting users will be notified by email 10 days in advance of planned auto closure and within 24 hours after closure Further details are described in Appendix A of the Incident Reporting Tool User Guide Note that autoclosed incidents can be re opened as per section D below D Re opening an incident 1 Click on the Incidents Link Information Governance Toolkit ie 2 Navigate to the relevant incident either from this Vanessa Incident Reporting Kallapermall list on the screen or by using the basic or advanced Acute incidents Edit and enter neyxAincidents og ee etter iii asda you wish to re o pen Change Requests Guidance and Information e IG incident Reporting Toot User Guide Assessments User guide for incident reporting showing how to navigate around and use the incident Reporting tool features reports etc d Inves hecklist guidance for Reporting Managing ar igating inciden R Guidance informing Health and Social Care services of the ongoing requirement to report manage and investigate IG SIRIS and how Reports Incident Reporting e Publication Statement Provides information about the IG
37. s can be escalated promptly or used as a report to senior management teams Trust Boards etc 12 V12 3 Final May 2015 The Incident Reporting Tool User Guide B Incident Date Range Report The third link on the Incident Reporting page is the Incident Date Range Report see screenshot below The purpose of this report is to report on incidents by quarter or a specified date range 1 Click on Incident Date Range Report Information Governance Toolkit You are here incident Reporting Vanessa Incident Reporting Kaliapermall Acute e incidents peers Edit and enter new incidents se e incidents Organisation Summary Report View b ssessment performance and incident details over the last 12 months Home in a selected date range News Guidance and Information Change Requests e IG incident Reporting Tool User Guide Assessments User guide for incident reporting showing how to navigate around and use the Incident Reporting tool features reports etc beac k guida gt for gt porting Ranaging and festigatinga i mc kjet IR Guidance informing Health and Social Care services of the ongoing requirement to report manage and investigate IG SIRIS and how Reports incident Reporting Publication Statement Provides information about the IG SIRI reports to be published via the IG Toolkit and by when Resources Information Mapping Page Processing Time 0 O2 seconds Page Render Tine 0 1 seconds Admin
38. s from the initial opening of the incident to closure See Checklist Guidance for Reporting Managing and Investigating IG and Cyber SIRIs and The Incident Reporting Tool User Guide for further detail e Ensure that the incident is closed as soon as practicable or appropriate We would not expect the incident to be in Open status for more than 3 months usually e All information recorded under a Closed IG SIRI record on the Incident Reporting Tool will be published quarterly by the Health and Social Care Information Centre HSCIC Organisations must therefore check the content recorded within the IG Incident report before closing the record to ensure that you do not include 4 V12 3 Final May 2015 The Incident Reporting Tool User Guide any information that you would not normally provide or publish yourself if requested under the Freedom of Information Act 2000 Ensure the record is up to date factual and accurate in content e g check spelling grammar no person identifiable data etc Content should be appropriate for publication e Cyber information and SIRIs marked as Level 2 TBC Open Withdrawn or Duplicate will not be published by the HSCIC e See the Publication Statement on the Incident Reporting Tool landing page and accessible via the IG Toolkit Knowledgebase or Publications sections for further detail on our routine publications what information we share with whom and for what purpose e Only th
39. t this report Reports View a report of all IG or Cyber Security related Incidents within a selected quarter or date range Incident Reporting Page Processing Time 0 05 seconds Resources Page Render Time 0 18 seconds Information Mapping Admin Publications Help 5 Upon clicking Show Report the following screen appears displaying your report this screen may vary from the screenshot below depending on the parameters which you ve selected for your report and is exportable to CSV and Word formats as a pre defined report Please note that you may wish to format the CSV file e g format headings in bold etc once saved to Excel as unfortunately the exportable CSV file will only allow limited formatting to be applied All IG Incidents within the Period 01 Apr 2011 02 Oct 2013 xport report data to CSV Export report data to Word report data to Word Date of SIRI Status Breach Type Volume Format Summary of Incident Incident Level 01 Oct 13 IGI518 Open Lost or stolen 99000 Digital An unencrypted memory stick was lost in a Hospital hardware Trust 04 Sep 13 IGI 519 Unauthorised m clinician accessed the patient records of their Oe a n 05 Aug 13 IGIS17 4 Open Corruption or inability E Digital test incident at level 1 to recover electronic data 03 Jul 13 IGVS520 4 Open Corruption or inability Digital Patient sheet stolen from nurses car to recover electronic data Closed Incident Repor
40. ts Dleqse note that all IG incidents which have occurred since 1 June 2013 date this tool was launched to health and social care and are now closed will appear in quarterly reports published on the IG Toolkit Publications tab available from the main left side menu Therefore it is advisable that Organisations check all closed incidents for completeness and accuracy before publication period The quarters are January to March 14 V12 3 Final May 2015 The Incident Reporting Tool User Guide Q1 through to October to December Q4 A reminder note will be posted 6 weeks in advance of the quarter end date on the At a glance page when you log into the IG Toolkit This does NOT INCLUDE CYBER SIRIs as for security purposes Cyber SIRIs will not be published Previous level 2 quarterly reports are published in the Publications section of the IG Toolkit oH Department Information Governance Toolkit of Health You are here IG Publications James Burleigh Acute Trust Test Account Home Publications This page gives you access to various IG Toolkit Publications These are broken down into two sections one giving details of reported IG Incidents and the other giving details of IG Toolkit assessment scores IG Incident Reports IG Toolkit Scores N gt Please select a document from the following list of publications ews Publication Statement for IG Incident Rep
41. ttom of the ICO Informed 17 02 2015 ICO Action Date A page ICO Action Not Known v Daaa a SA aE Aai ot Required v spre Nek Regure V m Please note that where the SIRI level changes to a ares 2 after an update has been completed then the a Authorisation section will appear and you can decide os to notify now or later 5 For audit and or review purposes the Show Changes link will provide an audit trail of what has been changed when and by whom as shown below Cancel Previous Changes By Reason for Change Lucy Lucas ACUTEST changed to media aware yes ee EE Lucy Lucas ACUTEST added new action 02 10 2013 15 08 29 02 10 2013 15 02 13 02 10 2013 12 46 39 Lucy Lucas ACUTEST Initial creation of incident V12 3 Final May 2015 The Incident Reporting Tool User Guide C Closing an incident 1 Click on the Incidents Link Information Governance Toolkit You are here Incident Reporting Incident Reporting Incidents Edit and enter new incid e Incidents Organisation Summary Report View IGT assessment performance and incident details over the last 12 months e Incidents Date Range Report View a report of all incidents within a selected date range Change Requests Guidance and Information o IG Incident Reporting Tool User Guide Assessments User guide for Incident reporting showing how to
Download Pdf Manuals
Related Search