Checklist Guidance for Reporting, Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation (UK)


Key Questions: What kind of data breaches could occur in my organization? How do I report data breaches for my organization in the UK? 

It is essential that all Information Governance Serious Incidents Requiring Investigation (IG SIRIs) which occur in Health, Public Health and Adult Social Care services are reported appropriately and handled effectively. Commissioned services should be subject to the same requirements to report data breaches to the commissioner of the service and directly through the arrangements described in this document

This guidance document covers the reporting arrangements and describes the actions that need to be taken in terms of communication and follow up when an IG SIRI or Cyber SIRI occurs. Organizations should ensure that any existing policies for dealing with IG SIRIs or Cyber SIRI are updated to reflect these arrangements. This guidance document and supporting IG Incident Reporting Tool product applies to all organizations providing or supporting Health, Public Health and Adult Social Care services in England.


  • The Scope
  • The Requirement
  • The Purpose
  • The Checklist
  • Further Assistance 
Contact Person/Organization: 

Health and Social Care Information Centre

Type of Tool:

Publication Date: 

London Health & Social Care Summit: Information Governance Toolkit - Ralph McNally