Incident Response Policy


The purpose of this document is to provide some general guidelines and procedures for dealing with computer security incidents. The document is meant to provide Montreat College support personnel with some guidelines on what to do if they discover a security incident. The term incident in this document is defined as any irregular or adverse event that occurs on any part of the Montreat College Network. Some examples of possible incident categories include: compromise of system integrity; denial of system resources; illegal access to a system (either a penetration or an intrusion); malicious use of system resources, or any kind of damage to a system.


This policy applies to all Montreat College employees.


  • All members of the University community are responsible for reporting known or suspected information or information technology security incidents. All security incidents at Montreat College must be promptly reported to the Director of Technology.
  • Incident response will be handled appropriately based on the type and severity of the incident in accordance with the Incident Response Table below.
  • All individuals involved in investigating a security incident should maintain confidentiality, unless the Director of Technology authorizes information disclosure in advance.

Incident Response

  • Incident response will be managed based on the level of severity of the incident. The level of severity is a measure of its impact on or threat to the operation or integrity of the institution and its information. It determines the priority for handling the incident, who manages the incident, and the timing and extent of the response. Four levels of incident severity will be used to guide incident response: high, medium, low, and NA (Not Applicable).

Incident Response Table

| Incident Severity | Characteristics (one or more condition present determines the severity) | Response Time | Incident Manager | Who to Notify | Post-Incident Report Required* |
|---|---|---|---|---|---|
| High | Significant adverse impact on a large number of systems and/or people; Potential large financial risk or legal liability to the College; Threatens confidential data; Adversely impacts a critical enterprise system or service; Significant and immediate threat to human safety; High probability of propagating to a large number of other systems on or off campus and causing significant disruption | Immediate | Director of Technology | Director of Technology; System Administrator; Helpdesk Administrator | |
| Medium | Adversely impacts a moderate number of systems and/or people; Adversely impacts a non-critical enterprise system or service; Adversely impacts a departmental scale system or service; Disrupts a building or departmental network; Moderate risk of propagating and causing further disruption | 4 hours | Appointed by Director of Technology | Director of Technology; System Administrator; Helpdesk Administrator | No, unless requested by the Director of Technology or other appropriate administrator |
| Low | Adversely impacts a very small number of non-critical individual systems, services, or people; Disrupts a very small number of network devices or segments; Little risk of propagation and further disruption | Next business day | Helpdesk Administrator | Director of Technology; System Administrator; Helpdesk Administrator | No |
| N/A | “Not Applicable” – used for suspicious activities which upon investigation are determined not to be an IT security incident. | | | | |

Contact Information

Campus Technology

Phone: 828-669-8012 Ext. 3663


Revision History

Initial Draft: 08/10/2016
Revised: 08/18/2016
Revised: 09/02/2016
