One of the four conditions that must be met for cyber threat cover to be included in the DfE’s risk protection arrangement (RPA) is that the school must have an appropriate Cyber Response Plan.
Despite what a certain heavyweight world champion and, slightly less colourfully, a 19th-century Prussian field marshal said about plans, the cyber response plan is essential. When a cyber security event strikes, a well-considered plan will help you react appropriately under the pressure of an actual incident.
Time spent creating a plan will help you identify technical or skills gaps in your ability to handle an incident.
Follow the Cyber Response Plan Template
To help schools ensure that they cover all the relevant areas, the DfE has published the Risk Protection Arrangement Cyber Response Plan Template [PDF].
The template sets out the actions to take in the event of a cyber security incident and also covers defensive actions. These tactics will make any cyber attack less likely to succeed, or less severe if it does breach the school’s defences.
A school’s existing IT Security and Data Protection Policy may already include elements that can be included in the response plan. Other aspects of the template, such as communication templates to notify parents and carers of the impact, will be helpful when handling an incident and allow schools to concentrate valuable resources on actions to mitigate its impact.
Key points to remember about creating your plan
Ensure it is reviewed and maintained as per the schedule AND when staff members change.
You may require input on some technical elements from your IT service provider.
In the 'Critical Activities - Data Assets' section, allocate one of the suggested specific timescales to each item. Non-specific timings such as "Immediately" or "ASAP" are not suitable or realistic response times.
Keep an easily accessible copy of the response plan with other critical incident documentation as per school/MAT policy.
This document is not unlike other documents you already have, for instance, your "Snow Day" plans. They may well be helpful when completing it.
We have published blog pieces on the other elements of the RPA cyber protection. They cover: