Where does a state entity find what information should be collected prior submitting an incident report on the California Compliance and Security Incident Reporting System (Cal-CSIRS)?

A state entity should immediately report the incident, providing all of the known information available about the incident, upon discovery and should not delay reporting due to an inability to gather all of the information on this list. Guidance on information to be collected can be located on the California Highway Patrol’s website under “Computer Crime Reporting for State Agencies” and in the SIMM 5340-A – Incident Reporting and Response Instructions (PDF).