This could be a cyber or non-cyber (resilience) incident and must be reported without undue delay, and in any event within 72 hours of becoming aware of the incident.
Do not submit any sensitive information over email.
Before submitting sensitive security information to the Compliance and Enforcement Team please contact us to receive secure handling instructions to transfer this information.
Post Incident Review
The competent authority will continually assess the incident with input from the OES on a regular basis. As part of this assessment the competent authority will endeavour to gauge if there are any grounds for enforcement action to be taken.