A cyber response plan (CRP) is a document that coordinates the response activities and process to follow in a suspected incident.
Creating your plan
Follow this check list to get your cyber response plan ready to use.
Download our printable version.
Documentation
Tailor your response plan to your school. Make sure it has details, roles and responsibilities that match your school’s structure and ways of working.
Involve the right people in making and agreeing your plan. You may want to include IT staff or support providers, senior leaders, HR and communications teams and suppliers.
Be aware of other plans and make sure they work with your CRP. These might include:
- business continuity plan
- safeguarding policy
- data protection policy
- communication plans
- service level agreements with IT or other service providers
- acceptable use policy
Roles and responsibilities
Establish a cyber recovery team led by a SLT digital lead.
Define roles and responsibilities for each person who will be involved.
Make sure everyone knows their role and has any training they need.
Appoint deputies for all roles.
Collect up-to-date contact details for everyone and have a system to keep the information updated.
Plan ahead
Pre-plan internal communications. Identify what communications are likely to be needed during and after a cyber security incident. Use our templates to get started
Set escalation criteria: define what incidents must be escalated to senior leaders and how quickly. This also includes when to contact the RPA (if you are part of the scheme).
Create and maintain plans for common incidents (such as ransomware, business email compromise, and extortion).
Decide and document when IT Support can act without authorisation to reduce risk and impact.
Print out hard copies of plans, or save them in a format you can access in a cyber attack.