|
CTO |
Rule
IT Incident Response Plan
The School’s IT Incident Response Plan, part of the IT Infrastructure Management Policy, is designed to minimise disruption to students' learning and ensure continued service delivery. The Director of Technology (DoT) oversees the plan, initiating it by notifying the Board of Governors, Quality and Audit Committee, and Executive Committee of the incident. The President assesses the situation and authorises the DoT to activate the plan and convene a Response Committee if needed.
The Response Committee, chaired by the DoT, meets daily until the incident is resolved and formally closed by the President. The DoT collaborates with IT, Marketing, Wellbeing, and Department of Education (DoE) heads at least twice a year to review and update the plan. The DoT is responsible for reporting on the plan’s effectiveness and ensuring team training. After an incident, the DoT conducts a root cause analysis, evaluates why risk management measures failed, and drafts a report for the Executive Committee, Audit Committee, and Board of Governors to update the plan.
For minor incidents not requiring full activation, the President may authorise the DoT to take necessary actions, with direct reporting to the President.
This rule ensures a structured and timely response to IT incidents, safeguarding student learning and service continuity. Regular updates, reviews, and training maintain the plan’s effectiveness, while root cause analyses improve future responses. The clear roles and reporting mechanisms support efficient incident management and adaptation of the plan as needed.
|
|