IRT Communication Procedures
Serious Severity Level
Initial Response
Contact Safety and Security immediately if there is any risk to physical or personal
safety.
1. Notify by phone the IT Security Engineer and the IRT member(s) most knowledgeable about the
incident type.
2. Notify IRT of incident. Use mailing list
(Technology-Security-Incident-Handling-Team@Mac.dartmouth.edu) and send the Remedy Ticket #
with Subject: Serious Incident. If there is suspicion that the mail system or local network
is compromised then use IRT Phone List to contact pertinent members.
3. Determine who will act as Incident Communication Coordinator and who will act as
Technical Response Coordinator
4. Communication Coordinator will inform Director of Technical Services and/or CIO
5. Following standard DartPulse reporting requirements, post messages regarding service
outages. Unless there is a benefit to the response or to prevent further problems, the
DartPulse should not include details about the incident.
Investigation
1. IRT members engaged in the investigation will contact system administrators and other
staff only as needed to gather information on the incident.
2. Communication Coordinator will contact User Services Consultant for the impacted area.
3. Communication Coordinator will provide Director of TS and/or CIO with timely updates
4. Director of TS and/or CIO will contact administrative offices (General Counsel, Provost,
Safety and Security, Dean of College) if their cooperation is needed for the investigation.
See non-PKCS Contacts and Communication Guidelines for more information
Closure
1. IRT members engaged in response will summarize the incident and the results of the
response. Send summary to IRT.
2. IRT will send summary to Dir. of TS and/or CIO.
3. Dir of TS and/or CIO will notify appropriate administrative offices of the incident and the
response results.
4. Communication Coordinator will inform Berry-Sys-Admins and Consultants? of the incident
and the response results.
5. Communication Coordinator will inform any other individuals who assisted in the
investigation of the results.
6. When appropriate, the Communication Coordinator will inform any departments affected by
the incident.
7. If necessary, send DartPulse message when service resumes
Medium Severity Incident
Initial Response
1. Notify IRT of incident. Use mailing list
(Technology-Security-Incident-Handling-Team@Mac.dartmouth.edu) to send Remedy Ticket #
with Subject: Medium Incident. If there is suspicion that the mail system or local network
is compromised then use IRT Phone List to contact the IRT Coordinator and pertinent IRT members.
2. Determine who will act as incident Communication Coordinator and who will be the
Technical Response Coordinator.
3. Following standard DartPulse reporting requirements, post messages regarding service
outages. Unless there is a benefit to the response or to prevent further problems, the
DartPulse should not include details about the incident.
Investigation
1. IRT members engaged in the investigation will contact system administrators and other
staff only as needed to gather information on the incident.
2. Communication Coordinator will contact User Services Consultant for impacted area
3. Communication Coordinator will provide Director of TS and/or CIO if contact with College
administration is required.
4. Director of TS and/or CIO will contact administrative offices (General Counsel, Provost,
Safety and Security, Dean of College) if their cooperation is needed for the investigation.
Closure
1. IRT members engaged in response will summarize the incident and the results of the
response. Send summary to IRT.
2. IRT will send summary to Dir. of TS and/or CIO.
3. Communication Coordinator will inform any other individuals who assisted in the
investigation of the results.
4. When appropriate, the Communication Coordinator will inform any system administrators or
departments affected by the incident.
5. If necessary, send DartPulse when service resumes