The purpose of the Information Incident Management policy is to provide organisation-wide guidance to employees on the proper response to, and efficient and timely reporting of, computer security-related incidents, such as computer viruses, unauthorised user activity, and suspected compromise of data.