Creating the RPA-compliant Cyber Response Plan for your school

Posted on 29 September 2022, by Nelson Ody, Product Manager Cyber Security
creating a cyber response plan for your school

One of the four conditions that must be met for cyber threat cover to be included in the DfE’s risk protection arrangement (RPA) is that the school must have an appropriate Cyber Response Plan.

Despite what a certain heavyweight world champion, and slightly less colourfully a 19th-century Prussian field marshal, said about plans the cyber response plan is essential. When a cyber security event strikes, a well-considered plan will help you react appropriately under the pressure of an actual incident.

Time spent creating a plan will help you identify technical or skills gaps in your ability to handle an incident.

Follow the Cyber Response Plan Template

To help schools ensure that they cover all the relevant areas, the DfE has published Risk Protection Arrangement Cyber Response Plan Template [PDF].

The template sets out the actions to take in the event of a cyber security incident and covers defensive actions to take. These tactics will make any cyber attack less likely to be successful or less severe if it does breach the school’s defences.

A school’s existing IT Security and Data Protection Policy may already include elements that can be included in the response plan. Other aspects of the template, such as communication templates to notify parents and carers of the impact, will be helpful when handling an incident and allow schools to concentrate valuable resources on actions to mitigate its impact.

Key points to remember about creating your plan

  1. Ensure it is reviewed and maintained as per the schedule AND when staff members change.

  2. You may require input on some technical elements from your IT service provider.

  3. In the 'Critical Activities - Data Assets' section, allocate one of the specific timescales to each one as suggested. Non-specific timings such as "Immediately" or "ASAP" are not suitable or realistic response times.

  4. Keep an easily accessible copy of the response plan with other critical incident documentation as per school/MAT policy.

  5. This document is not unlike other documents you already have, for instance, your "Snow Day" plans. They may well be helpful when completing it.

We have published blog pieces on the other elements of the RPA cyber protection. They cover:




Categories: Safety and security

Share this post
Categories
back to top button
back to top button


Back to top

Registered office: 142B Park Drive, Milton Park, Milton, Abingdon, Oxfordshire, OX14 4SE

Tel: +44 (0)1235 645 316   

RM Technology

Education technology from RM

Support services

Broadband for schools

Web filtering for schools

School management software

Classroom devices

Parental contribution scheme

Networking for schools

Audio visual solutions

Technology case studies

Technology blog

Contact us

RM Assessment

Digital assessment from RM

Create and deliver

Collect, collate and mark

Results and feedback

Assessment case studies

Assessment blog

Contact us

About us

About RM

Terms and conditions

Events

Newsroom

Buying frameworks

Customers

Log into your RM account

Support portal

RM plc

Investor relations

Careers

TTS UK

TTS International

Consortium

RM India

Group contact details

Policy

RM and cookies

Privacy

GDPR

Gender pay report

Tax strategy

Anti-slavery statement

Code of business conduct

Equality, diversity and inclusion

Environmental policy

Group carbon reduction plan

© RM 1997 - 2023