← Back to templates
🚨 Template

Incident response plan

Step-by-step breach response template with defined roles, communication protocols, and recovery procedures.

Download this template

Last updated: January 2025 • No email required

Download PDF Download Markdown

What's included

A complete incident response plan designed for K-12 schools. Customize with your specific contacts, procedures, and policies.

1. Incident response team

Defines who does what during an incident:

  • Incident Commander: Overall decision-making authority (typically Head of School or designee)
  • IT Lead: Technical investigation and containment
  • Communications Lead: Parent, media, and stakeholder communications
  • Legal/Compliance: Regulatory notification requirements
  • Operations: Business continuity during incident

2. Incident classification

Framework for categorizing incidents by severity:

  • Level 1 (Low): Single device malware, phishing attempt blocked
  • Level 2 (Medium): Multiple systems affected, potential data exposure
  • Level 3 (High): Ransomware, confirmed data breach, regulatory notification required

3. Response phases

Step-by-step procedures for each phase:

  • Detection: How incidents are identified and reported
  • Containment: Immediate actions to limit damage
  • Eradication: Removing the threat
  • Recovery: Restoring systems and operations
  • Post-incident: Analysis and improvement

4. Communication templates

Pre-written templates for:

  • Initial parent notification
  • Staff communication
  • Board notification
  • Media statement
  • Regulatory notification (if required)

5. Contact lists

Fillable sections for:

  • Internal response team contacts
  • Cyber insurance carrier
  • Legal counsel
  • IT vendors and support
  • Law enforcement contacts
  • Regulatory agencies

6. Technical procedures

Checklists for common scenarios:

  • Ransomware response
  • Email compromise
  • Data exfiltration
  • Network intrusion

Critical: Don't wait for an incident

The worst time to create an incident response plan is during an incident. Complete this template now, while you have time to think clearly.

  • Fill in all contact information today
  • Review with your response team
  • Print copies and store securely (digital copies may be inaccessible during an attack)
  • Test the plan annually through tabletop exercises

How to customize

  1. 1. Assign specific individuals to each response team role
  2. 2. Fill in all contact information (phone, email, backup contacts)
  3. 3. Customize communication templates with your school's voice
  4. 4. Verify cyber insurance details and contact procedures
  5. 5. Review with legal counsel and update annually

Related resources

📚

Cybersecurity essentials guide

Prevention strategies to avoid incidents

🔍

Security audit checklist

Assess your security posture

Want help with incident preparedness?

We can help you customize this plan, train your team, or run tabletop exercises to test your readiness.

Talk to an expert