/policies/,/policies/administrative/,/policies/administrative/uwhc/,/policies/administrative/uwhc/department-specific/,/policies/administrative/uwhc/department-specific/information-services/,/policies/administrative/uwhc/department-specific/information-services/is-procedures/,

/policies/administrative/uwhc/department-specific/information-services/is-procedures/se-pro-003.policy

201507198

page

100

UWHC,UWMF,

Policies,Administrative,UWHC,Department Specific,Information Services,IS Procedures

Problem Review Procedure (SE-PRO-003)

Problem Review Procedure (SE-PRO-003) - Policies, Administrative, UWHC, Department Specific, Information Services, IS Procedures

SE-PRO-003

PROCEDURE




Information Services

Effective Date:
1/23/2014


Administrative Manual

x Other – Information Services

Procedure ties
to Policy #:
SE – POL - 003


x Original


Total #
Pages: 3

Title: UW Health IS Incident Review
Procedure



I. PURPOSE

The purpose of the Incident Review procedure is to provide a mechanism to review and
assess adverse events or unplanned system outages (downtime) with the goal of
identifying root causes to prevent a similar incident from occurring in the future.

II. PROCEDURE

A. Declaration of the Incident

1. Using the criteria outlined in the UW Health IS Incident Review Policy, the IS
Director On-Call declares the event as an incident that requires review. Only
the IS Director On-Call or the UWH IS CIO’s office may declare the outage as
an incident.

B. Incident Documentation

1. Incident Tracking Ticket Opened: Within 24 hours of the incident, at the
request of the IS Director On-Call, an Incident Tracking ticket for the incident
will be opened (Category: System Event, Type: Incident Review). The
Incident Tracking ticket is generally opened by the Helpdesk staff; however
the Incident Tracking ticket could be opened by the analyst or the IS Director
On-Call with an assignment to the Security Engineers group.

2. Incident Tracking Ticket / Incident Report: The Incident Tracking ticket /
incident report information is completed by the lead analyst(s) in preparation
for the incident review. All details of the incident are recorded in the incident
review report detail template within the Incident Tracking ticket.

3. Weekly Reports: Weekly reports showing open, closed, and scheduled
reviews are run every week by the Manager, Helpdesk and are sent via email
to IS Management.

C. Incident Review Meeting

1. Meeting Schedule, Attendance, and Materials: Each incident will be
reviewed in a formal meeting within 2 weeks of the incident. The Incident



Page 2 of 3

Coordinator will schedule and facilitate the meeting. The lead analyst and all
analysts who participated in the resolution of the incident or whose customers
were impacted by the incident shall be invited to the incident review meeting.
The IS Director On-Call at the time of the incident shall attend the meeting as
well as any other IS management staff as deemed appropriate. The incident
documentation will be distributed to all attendees prior the meeting.

2. Meeting Agenda / Goal: The purpose of the meeting is to review incident
issues, identify root causes to the problem, and identify solutions. An action
list will be generated to implement the identified solutions.

D. Incident Follow-up Actions and Responsibilities

1. Logging of Follow-up Actions: Follow-up actions are logged into Incident
Tracking as an assignment. The assignment remains open until the
assignment is complete or until the assignment is approved as a work
request / project and is entered into the project database.

2. Completing Follow-up Actions: It is the responsibility of the IS analyst
assigned to the incident and follow up activities to actively manage and
complete their assigned actions and report completion to IS management and
the IS Director On-Call at the time of the incident.

3. Retention of Incident Documentation: It is the responsibility of the Incident
Coordinator to ensure that the incident information is documented, reported,
and stored in an encrypted file with limited, need-to-know access only, for a 6
year period.


III. FORMS
There are no forms identified for this policy.


IV. SUPPORTING POLICY
UW Health IS Incident Review Procedure SE – POL – 003


V. COORDINATION

The details of Coordination of UWHC, UWMF and UWSMPH are shown below. Approval
and coordination of this policy by those entities occurs per their individual processes.

UWHC Sr. Management Sponsor: Leroy Baker, UW Health IS CTO
UWHC Author: Dave Jaworski, UW Health IS Technical Support
Services Director
UWHC Reviewers: UW Health IS IS VP/CIO & Directors
UWHC Reviewers: UWHC Internal Audit

UWMF Sr. Management Sponsor: Leroy Baker, UW Health IS CTO



Page 3 of 3

UWMF Author: Elaine Gerke, UW Health IS Security Officer
UWMF Reviewers: UW Health IS VP/CIO & Directors

UWSMPH Approval: UW Administrative Legal Services


V. SIGNED BY


[Insert Signature Block(s) for Appropriate Signer] Date


[Insert Signature Block(s) for Appropriate Signer] Date

VI. REVISION HISTORY

Effective Date Next Review Summary of Changes Change Authors
1/23/2014 1/23/2017 Original release. D. Jaworski, E. Gerke, S. Schroeder