|
|
Definition
IT Incident Response and Service Continuity
The School’s IT Incident Response Plan is designed to address IT incidents effectively. The primary goal of the plan is to minimise disruptions to students' learning and ensure the continued delivery of the School's services.
This plan is crucial for swiftly managing IT incidents to minimise impact on educational activities and maintain operational continuity. By focusing on reducing disruptions, the School ensures that its services remain uninterrupted and students' learning experiences are protected.
|
|
|
CTO |
Rule
Oversight and Activation of the IT Incident Response Plan
The Chief Technology Officer (CTO) oversees the IT Incident Response Plan and initiates it by notifying the Board of Governors, the Quality and Audit Committee, and the Executive Committee about the incident. The President must then evaluate the severity of the incident and decide whether to proceed with the plan. Upon receiving authorisation from the President, the CTO will convene a Response Committee and enlist the assistance of relevant Executive Committee officers.
This process ensures that the IT Incident Response Plan is managed effectively with clear communication and decision-making. The President’s involvement in authorising the response ensures that appropriate actions are taken based on the incident's severity, while the CTO's role in convening the Response Committee ensures that expertise is mobilised efficiently.
|
|
|
CTO |
Rule
Response Committee Collaboration and Communication
The Chief Technology Officer (CTO), as the chair, must collaborate with designated School teams to form the Response Committee. The committee will meet daily until the CTO reports to the Board of Governors, Audit Committee, and Executive Committee that the incident is resolved. The President will then formally declare the incident closed.
This rule ensures that the Response Committee, led by the CTO, maintains consistent communication and oversight during an incident. Daily meetings allow for timely updates and coordinated efforts, while formal notifications to the governing bodies ensure all stakeholders are informed of the resolution and closure of the incident.
|
|
|
CTO |
Rule
Roles and Responsibilities of Response Committee, including Continuity of Learning and Education Services
-
CTO: The Chief Technology Officer (CTO) chairs the Response Committee.
-
IT Team: Upon incident occurrence, the IT Team must assign at least one member to handle the incident exclusively. This member will investigate, contain the incident, oversee resolution, and report to the CTO. They will also act as the secretary, maintaining minutes and tracking actions.
-
Marketing Team: The Marketing Team must designate at least one member to manage communications while the system is down. They will use backup systems to email and text stakeholders and students. Immediate updates on the incident's status and expected resolution time must be communicated via the website and social media. At least one update per day is required. The Marketing Team will provide contact details for students to direct all queries through them and maintain a record of all communications.
-
Director of Education (DoE): The DoE ensures minimal disruption to learning and teaching. The School maintains regular backups of the AGS, VLE, and course content on diverse servers, including cloud platforms. If a server fails, the School can switch to alternative servers. In cases of software or platform issues, physical and electronic copies of materials are kept updated for continuity. The School will use Google Classroom, Microsoft Teams, physical classrooms, video conferencing, its website, email, and post for ongoing education. Assessment Regulations may be adjusted during emergencies to maintain flexibility. The DoE will create and provide protocols to the CTO covering communication, timetables, staffing, content, delivery, assessments, and collaboration with external examiners and regulatory bodies. Daily updates will be provided to students through marketing messages and the DoE will coordinate with lecturers to ensure consistent information.
-
Wellbeing Team: The Wellbeing Team must assign at least one member to support student wellbeing during system outages. Contact information for the team will be provided to students. The team will implement a plan to maintain student support throughout the incident and is an essential part of the Response Committee.
This rule outlines clear responsibilities for each team involved in incident management, ensuring effective and coordinated responses. By defining roles, communication channels, and protocols, the School aims to minimise disruption, maintain continuity in learning, and ensure comprehensive support for students during IT incidents.
|
|
|
CTO |
Rule
Review and Maintenance of the Response Plan Rule:
The CTO is required to meet with the Heads of IT, Marketing, Wellbeing, and the Director of Education (DoE) at least twice each academic year to review and update the Response Plan. During these meetings, specific actions needed to keep the plan current will be assigned, and progress must be reported to the CTO. Regular testing of the plan will also be conducted. The CTO holds ultimate responsibility for the plan's effectiveness and must report its status to the Executive Committee and the Quality and Audit Committee. It is also the responsibility of all committee members to ensure their teams are trained on the plan.
This approach ensures that the Response Plan remains up-to-date and effective through regular reviews, assigned actions, and testing. Regular reporting to senior committees guarantees oversight and accountability, while team training prepares staff to effectively execute the plan when needed.
|
|
|
CTO |
Rule
Post-Incident Analysis and Reporting
Following each incident, the CTO must conduct a root cause analysis to determine why the risk management and prevention systems failed. A detailed report outlining these findings must be prepared and submitted to the Executive Committee, Quality and Audit Committee, and the Board of Governors. This report will inform updates to the Response Plan, ensuring it remains a dynamic and effective document.
This procedure ensures that each incident is thoroughly reviewed to identify system weaknesses and failures. The resulting report provides valuable insights for refining the Response Plan, promoting continuous improvement and strengthening the School’s resilience against future incidents.
|
|