The Identity Theft Prevention Officer is authorized to conduct security audits of any area containing CSI at anytime to ensure the safety and security of that information.

 

1.	Employee Protocol

·	Do not disturb the area.

·	Secure the area.

·	Notify manager or supervisor.

·	Manager will contact Identity Theft Prevention Officer

·	Document the event.

·	Submit to Identity Theft Prevention Officer.

 

2.	Manager or Supervisor Protocol

·	Ensure affected area is secure. Do not let anyone use the phone or computer in that area.

·	Gather visitor logs, employee time sheets, list everyone who had access before, during, and after the incident.

·	Interview employee witness(es).

·	Contact ISO.

·	Identity Theft Prevention Officer Protocol

·	Determine that there is a breach

·	Interview Employee Witness

·	Review Security Incident Report

·	Contact the University attorney

·	Make a police report

·	Notify potential victims according to legal statutes.

·	Public relations and continuity considerations.

 

1.	Employee Protocol

·	Be sympathetic to the potential victim

·	Do not confirm or deny their allegations

·	Document the conversation

·	Document contact information

·	Inform them that your Identity Theft Prevention Officer will contact them.

 

2.	Identity Theft Prevention Officer Protocol

·	Interview Employee Witness

·	Review Security Incident Report

·	Contact potential victim.

·	Ask them to reiterate their story.

·	Assure them that you will look into it.

·	Contact your attorney.

·	Determine that there is a breach

·	Assess the extent of damage

·	Make a police report

·	Notify potential victims according to legal statutes.

·	Public relations and continuity considerations