...
It is the responsibility of all staff to report security incidents or violations of these policies to the Security Office. Similarly, it is everyone's responsibility to promptly report a suspected compromise of their systems or credentials (e.g. passwords, security tokens, SSH keys, and digital certificates) so that abuse can be prevented as early as possible.
...