Computer Security Violation Reporting

Purpose
  1. To ensure compliance with the Texas Administrative Code, Title 1, (TAC 202), Family Educational Rights and Privacy Act (FERPA), Gramm Leach Bliley Act (GLB ACT), Health Insurance Portability and Accountability Act (HIPAA) and the policy which requires that all users of UH corporate computers shall have the affirmative obligation to report, directly and without undue delay to the Information Security Officer, any and all information concerning conduct which they know to involve corrupt or other criminal activity or conflict of interest, (1) by another University of Houston employee, which concerns his or her office of employment, or (2) non-University of Houston personnel whose activities involve the University of Houston.
  2. To provide prompt notification to the ISO of computer abuse situations which may include:
Scope

Applies to all University of Houston employees.

Standard

Every employee who has knowledge of a computer abuse which has or may be occurring on a University of Houston computer processing system must inform an appropriate University of Houston official.

Guidelines

The following information should be gathered for each reported violation. The ISO is responsible for gathering this data, once he/she is initially contacted by the employee reporting the abuse. Information to collect includes:

  1. Description of the abuse:
  2. Person(s) suspected of the abuse
  3. Person(s) reporting/detecting abuse
  4. Evidence available to substantiate suspicion of abuse