Incident Response Plan (IRP)
What Is the USU Incident Response Plan?
USU’s Incident Response Plan (IRP) is the university’s official guide for identifying, managing, and resolving information security incidents that could impact the confidentiality, integrity, or availability of university data—whether digital or physical.
This plan supports Utah State University's Information Security and Appropriate Use Policy 5200 and applies to all students, staff, faculty, and third-party vendors who access or handle institutional data.
Purpose & Goals
The IRP is designed to:
- Respond quickly and effectively to security incidents
- Minimize potential damage and disruption
- Identify causes and prevent repeat issues
- Ensure proper communication and legal compliance
- Preserve forensic evidence where necessary
- Protect the university’s reputation
What Counts as an Information Security Incident?
An information security incident can include:
- Unauthorized access to systems or data
- Loss or theft of devices containing sensitive info
- Service disruptions or denial-of-service (DoS) attacks
- Unauthorized system use or modifications
Note: This plan doesn’t cover natural disasters or non-security-related outages.
Who Must Comply?
- All USU faculty, staff, and departments
- Third-party vendors managing university data
- Personal devices used to access or store institutional data
Reporting an Incident
Incidents must be reported within 48 hours of discovery.
You can report through:
- IT Service Desk: 435.797.HELP (4357) or servicedesk@usu.edu
- USU Hotline Reporting System
- Directly to the CISO, or Data Privacy Officer
If there’s a threat to safety or property, contact USU Public Safety immediately.
Incident Response Lifecycle
USU uses a structured, staged approach to manage incidents:
- Preparation – Training, tools, and readiness
- Identification – Detecting and documenting incidents
- Containment – Stopping the spread and impact
- Eradication – Investigating and removing threats
- Recovery – Restoring systems and preventing recurrence
- Lessons Learned – Reviewing outcomes and improving
Who’s Involved in Responding?
Chief Information Security Officer (CISO) – Leads the university’s information security efforts and coordinates incident response strategy.
Data Privacy Officer – Assesses privacy implications, ensures proper handling of personal data, and supports breach notification compliance.
Compliance Owners – Ensure responses align with USU and unit-level policies and regulations.
Office of General Counsel – Provides legal guidance throughout the response process, especially in incidents involving potential regulatory or legal exposure.
Vendors/Contractors – Must report and respond to incidents based on contractual obligations and data protection agreements.
Communication Protocol
All incident-related communication is managed through the IAT to ensure accuracy, consistency, and minimal disruption. Departments should not make external or internal announcements without first coordinating with IAT.