Incident Response Procedure
1. Purpose and Scope
This Incident Response Procedure describes how Boarding School Software (BSS) identifies, assesses, manages, and responds to information security incidents. It is designed to align with the Security & Data Residency Compliance Charter and provides assurance to schools that appropriate processes are in place, without forming contractual obligations.
2. Definition of an Incident
An information security incident may include unauthorised access to systems or data, suspicious or malicious activity, accidental disclosure of personal information, loss or corruption of data, service disruption, or any event reported by a school that may impact data security, availability, or integrity.
3. Incident Detection and Reporting
Potential incidents may be identified through multiple channels, including automated alerts from cloud infrastructure and security systems, reports from schools or their communities, internal monitoring and log review, or notifications from third‑party service providers. All reported events are treated as potential incidents until assessed.
4. Initial Assessment and Triage
Upon identification of a suspected incident, BSS will record the event, assess its scope and potential impact, determine urgency, and identify whether immediate containment actions are required. Assessment typically focuses on the specific environment or region affected.
5. Containment and Mitigation
Where appropriate, BSS will take proportionate steps to contain the incident and limit impact. Actions may include isolating affected services, restricting access, applying additional security controls, resetting credentials, or engaging infrastructure support. The objective is to protect data and system integrity while minimising service disruption.
6. Communication with Schools
If an incident affects, or may reasonably affect, a school’s service or data, the school will be informed as soon as practicable. Communication will be factual, measured, and updated as additional information becomes available. BSS recognises schools as the primary data controllers and supports them in managing communications with their communities.
7. Regulatory and Notification Support
Where an incident is likely to result in a high risk to the rights and freedoms of individuals, BSS will support schools by providing relevant information to assist with regulatory assessment and notification obligations. Actions will align with applicable regulatory expectations, including the GDPR 72‑hour benchmark where relevant.
8. Recovery and Restoration
Following containment, BSS will restore affected services using the secure backup and recovery processes in place, validate system integrity, and monitor systems closely to ensure stable operation before returning to normal service levels.
9. Post‑Incident Review and Improvement
After resolution, BSS conducts a post‑incident review to understand root causes, assess the effectiveness of the response, and identify opportunities for improvement. Lessons learned inform updates to controls, monitoring, and operational practices.
10. Ongoing Readiness
BSS maintains ongoing incident readiness through continuous monitoring, access controls, separation of staging and production environments, data encryption, review of cloud security advisories, and clear internal escalation pathways.
