# Incident Response

## Security Incidents

All security incidents and *suspected* security incidents that occur in your AWS account **must be reported to both [OIT Security](https://www.cu.edu/security/reporting-incident) and [Cloud Foundations](mailto:rc-help@colorado.edu)**.

```{important}
If you become aware, or suspect, that a security incident has occurred in your AWS account, please [report it immediately](https://www.cu.edu/security/reporting-incident) directly to the CU Boulder OIT Security office **and** by emailing Cloud Foundations at [rc-help@colorado.edu](mailto:rc-help@colorado.edu).
```

### Information to include in the incident report

Please provide the following information when reporting an incident (as specified on [Reporting an Incident](https://www.cu.edu/security/reporting-incident)):

1. Contact information
2. AWS account alias
3. College or department involved
4. Brief description of what happened
5. General description of the type of information involved. Was it sensitive university information? Was it shared with or accessed by unauthorized people?
6. General description of the impact of the incident, if known
7. Any other known resources affected

## Operational Incidents

If Cloud Foundations-supported infrastructure in your AWS account is not behaving as you expect, please let us know by emailing [rc-help@colorado.edu](mailto:rc-help@colorado.edu). We'll do our best to get it corrected as soon as possible. Cloud Foundations provides support during official CU business hours.

```{note}
While we may be able to advise, support is limited for AWS resources not managed by Cloud Foundations. We are not able to assist with issues specific to customer-managed applications.
```
