Date Issued


Document Type



University of Health Sciences and Pharmacy in St. Louis (“University”) has adopted this policy to establish an Incident Response Plan (“IRP”) to manage the process for responding to a possible Security Incident involving Customer Information (“CI”) or Personally Identifying Information (“PII”) as defined below. The policy is intended to ensure a consistent process to follow when responding to any Security Incident, to mitigate potential risk and harm to affected parties, and to provide for post-incident review to facilitate appropriate changes to improve business practices for safeguarding and handling of Personal Information.

Responsible Party

Information Technology

appendix-a-incident-severity-classification-guidelines (2).docx (20 kB)
Incident Severity Classification Guidelines

appendix-b-incident-report-content (1).docx (18 kB)
Incident Report Content