YSGOL PENRHYN DEWI VA
St Davids Peninsula 3-16 Church in Wales VA School
Menu
Cyber Incident Response & Support

Ysgol Penrhyn Dewi – Cyber Incident Response Hub

At Ysgol Penrhyn Dewi, we are committed to keeping our digital systems and data secure.
As technology becomes increasingly central to teaching, learning and school operations,
it is essential that we are fully prepared to prevent, respond to, and recover from any cyber incident.

What is a cyber incident?
A cyber incident is any event that threatens the security, integrity or availability
of our school’s digital systems or data.

Under GDPR, any personal data breach must be reported to the Information Commissioner’s Office (ICO) within 72 hours.

Our Cyber Response Framework

1. Cyber Response Team

We maintain a designated team responsible for leading our response. This includes senior leadership,
the Data Protection Officer, our IT support partner and key administrative colleagues.

2. Preparation: Identifying Risks

We routinely review:

  • System and software vulnerabilities
  • User access permissions
  • Data sensitivity and storage
  • Password and authentication practices
  • Third-party software/partners

3. Preparation: Preventative Measures

  • Secure password and MFA policies
  • System updates and patching
  • Regular data backups
  • Staff cybersecurity training

4. Creating Our Cyber Response Plan

Our plan outlines key contacts, communication steps, system recovery priorities
and essential procedures during an incident.
Printed copies are stored securely onsite for use during digital outages.

5. Detection: Recognising a Cyber Incident

If something appears suspicious, staff must:

  • Report it immediately to the Cyber Response Team
  • Avoid using affected systems or devices
  • Preserve any evidence where possible

6. Containment: During the Incident

  • Isolate affected accounts or devices
  • Reset compromised credentials
  • Work with IT specialists to stop spread
  • Keep staff informed as appropriate

We never pay ransom demands.

7. Recovery & Restoration

  • Restore systems from verified secure backups
  • Rebuild or re-image affected devices
  • Support staff impacted by disruption
  • Verify systems are safe before reconnecting

8. Review & Learn

After every incident, we carry out a full review and update procedures, training and systems
to prevent future issues.

Immediate Actions During a Cyber Incident

The following actions take place without delay:

  • Activate the school’s Cyber Response Plan
  • Inform the Chair of Governors
  • Contact our IT support partner
  • Inform Hwb if applicable
  • Report to Action Fraud
  • Notify Local Authority emergency contacts
  • Consult with the Data Protection Officer
  • Assess whether the incident must be reported to the ICO (within 72 hours)

Supporting Documents

  • Cyber Response Plan
  • Contact List & Incident Checklist
  • Recovery Priorities Guidance

Useful Links

  • https://www.ncsc.gov.uk/section/education-skills/schools
  • https://www.ncsc.gov.uk/collection/small-business-guidance–response-and-recoveryNCSC Response & Recovery Guide
  • https://www.ncsc.gov.uk/section/exercise-in-a-box/overview