Corporate report

SCP06 NDA estate cyber incident reporting and response policy

This document sets out the policy for the reporting of, and response to, cyber incidents originating in, or impacting on, the NDA's estate.



This document is intended to assist with the identification of cyber incidents, and the reporting of them to the appropriate authorities.

Whilst responsibility for responding to cyber incidents within the NDA lies with duty holders, any incident in one part of the estate could impact on others and so this policy also aims to ensure that risk owners across the estate have the information that they require to protect themselves from comparable attacks. Equally, this policy also aims to identify the processes by which NDA, and the rest of the estate, might render assistance to each other in the event of a cyber incident.