Back
to top

Records Management Services

Cybersecurity Incident Guidelines

Reporting Damaged/Lost Records: Associated with a Cybersecurity Event

In accordance with PL 1953, c. 410/NJSA 47 and PL 2023, c.19, in the aftermath of a cybersecurity event that results in damage and/or loss of public records stored in a computer system(s), once the extent of damage/loss is known and the agency has taken all possible measures to restore the affected records, the agency must submit a Cybersecurity Event Report to the Division of Revenue and Enterprise Services, Records Management Services Unit (RMS) detailing the damage/loss. RMS will present the Report to the State Records Committee (SRC) for disposal authorization.

Note: Prior to reporting to the SRC, the agency must comply with New State Laws PL 2023, c.19, governing reporting on cyber incidents and breaches. You may access information and report via the New Jersey Cybersecurity and Communications Integration Cell.

Instructions for Reporting: Damaged/Lost Records Associated with a Cybersecurity Event
  • Download, Complete and Submit the Cybersecurity Incident Reporting Form to Records Management Services (RMS).
  • Respond to questions posed by RMS.
  • Attend the State Records Committee Meeting.
  • Maintain the SRC-issued Acknowledgement or Approval.
  • Provide Requestors Seeking Access to the Involved Records with a Damaged/Lost Records Attestation.

Last Updated: Thursday, 10/02/25