Begin Main Content Area

L&I, Office of Information Technology Procedure


Name: Security Incident Reporting for Social Security Administration
Effective Date: December 2016
Category: Security
Version: 1.1
  1. Scope:

    This procedure applies to all Department of Labor & Industry (L&I) employees and business partners, and contractors when L&I has declared or suspects a breach or loss of Personally Identifiable Information (PII) or a security incident that includes Social Security Administration (SSA) provided data.

  2. Procedure:

    The procedure is implemented by various IT staff under the direction of the L&I Chief Information Security Officer (CISO) under the authority of the Chief Information Officer (CIO), or Deputy Chief Information Officer (DCIO).

    Step Responsibility Action
    1. Any User If any L&I User becomes aware of suspected or actual loss of PII, he or she must immediately contact the L&I CISO
    2. CISO Notify the agency CIO, Communications and Press Office(CPO) and Deputy Secretary for Administration immediately after confirmation that a High or Critical level information security incident has occurred and an L&I incident tracking number has been assigned.
    3. CISO Coordinate incident with L&I and Office of Administration (OA) Enterprise Security.
    4. CISO Completes SSA PII Loss Reporting Worksheet.
    5. CISO Notify the United States Computer Emergency Readiness Team (US-CERT) within one hour of discovering the incident.
    6. CISO Must also notify the SSA Systems Security contact named in the Electronic Information Exchange Partner (EIEP) agreement.
    • If L&I has been unable to make contact within 1 hour with that person the CISO must call SSA's National Network Service Center (NNSC) toll free at 877-697-4889 (select "Security and PII Reporting" from the options list).
    7. CISO Provide updates as they become available to SSA contact, as appropriate. Refer to the worksheet provided in the EIEP agreement to facilitate gathering and organizing information about an incident.
    8. SSA Make determination if the risk presented by the breach or security incident requires the notification of the individuals whose information is involved and/or remediation action.
    9. L&I Perform identified remediation actions as outlined by SSA.

  3. References
    L&I, OIT Policy Definitions
    SEC-008 - Security Incident Response Policy
    Reporting Information Security Incidents
    Security Incident Reporting for Internal Revenue Service
    Security Breach Checklist
    OA ITP-SEC024 IT Security Incident Reporting Policy
  4. Version Control
    Version Date Purpose
    1.0 08/2008 Base Document
    1.1 12/2016 Reformatted, revised content