As a customer of the scheme, you are obliged by our Terms of Service and The UCAS Application and Recruitment policy to report any cyber security events.
Immediate Notification
As soon as your business becomes aware of a cyber security event, it must be reported to UCAS without delay by calling 0344 984 1111 or emailing: [email protected]
Out of working hours, please report via our self-service portal
The Business Continuity Contact
We ask that each provider assigns and maintains a business continuity contact. This person would be the main point of contact in the event of a cyber security event and would be the contact to discuss measures taken regarding access to UCAS systems.
Assessment by UCAS
Upon notification, UCAS will promptly assess the impact of the incident and determine any necessary restrictions. This assessment may involve temporary suspension of access to some or all UCAS systems. These measures are in place to guarantee the safety and security of our data.
Support and recovery
UCAS will support you throughout the security incident management process, working with you to reinstate access to UCAS systems as soon as is feasible based on the required assurances sent to UCAS.
The steps to recovery will depend on the severity of the attack and the time of year.
One critical thing to note is that the assurances we require must come from a CREST assured Cyber Security Incident Response (CSIR) partner working with the provider.
The following is a general guide to what can help you to achieve restoration of access to UCAS.
- Communications:
- Assurance that channels (e.g. email) were unaffected by the event or have been securely restored.
- Browser based services such course management tools and Web-Link (everything except XML-Link/UCAS-Link):
- Assurance that devices, network, and any storage areas used by staff requiring access are assured secure.
- This could initially be to a limited number of users in admissions who needed access to Web-Link to make decisions. The number of users can be increased as more users are issued with recovered/secured devices.
- Student record system connection:
- Assurance that the system, its platform, and infrastructure is secured/recovered.
- Assurance that devices connecting to the system are secured/recovered.
Actions may become more granular depending on the severity of the cyber event.
Updating your business continuity contact
Please ensure you have updated your business continuity contact. This will only be used if other channels are unavailable. This person must be whom we should contact to discuss measures taken regarding access to UCAS systems resulting from the incident.
We need an alternative personal email address for this and a mobile number, not your regular provider email and phone number.