Incident Response Plan

This Incident Response Plan outlines the procedures Ignite ICT follows to detect, respond to, and recover from security incidents, including data breaches, unauthorized access, system compromises, and other cybersecurity events. This plan applies to all Ignite ICT systems, data, employees, contractors, and third-party service providers with access to our systems or data.

Our goal is to minimize damage, reduce recovery time, maintain the trust of our school partners and students, and ensure compliance with applicable laws and regulations including FERPA, COPPA, and PIPEDA.

Detection Methods

We employ automated monitoring tools, intrusion detection systems, log analysis, and regular security audits to identify potential incidents. Staff members are trained to recognize and report suspicious activity immediately.

Incident Classification

Incidents are classified by severity: Critical (active data breach or system compromise affecting student data), High (unauthorized access attempt or vulnerability exploitation), Medium (policy violation or suspicious activity requiring investigation), and Low (minor anomalies or failed access attempts). Classification determines response priority and escalation procedures.

Immediate Containment

Upon confirming an incident, we take immediate steps to contain it: isolating affected systems, revoking compromised credentials, blocking malicious IP addresses, and preserving evidence for forensic analysis.

Eradication

Once contained, we identify and eliminate the root cause — removing malware, patching vulnerabilities, updating configurations, and verifying that the threat has been fully neutralized before proceeding to recovery.

Recovery procedures include restoring systems from verified clean backups, validating data integrity, implementing additional security controls as needed, conducting thorough testing before returning systems to production, and enhanced monitoring of affected systems for a defined period post-recovery.

Affected Parties

In the event of a data breach affecting personal or student data, we will notify affected schools and individuals within 72 hours of confirmed discovery. Notification will include a description of the incident, types of data involved, steps taken to contain and remediate, and recommended protective actions.

Regulatory Reporting

We comply with all applicable breach notification laws and will report incidents to relevant regulatory authorities — including provincial privacy commissioners (PIPEDA), the U.S. Department of Education (FERPA), and the FTC (COPPA) — within the required timeframes.

Our Incident Response Team includes designated leadership from IT security, engineering, legal, and communications. The team is responsible for coordinating all response activities, making containment and notification decisions, liaising with external forensics experts when needed, and conducting post-incident reviews.

After each incident is resolved, we conduct a thorough post-incident review to document the timeline of events, evaluate the effectiveness of our response, identify lessons learned and areas for improvement, update this plan and related security procedures accordingly, and provide additional training if gaps are identified. We review and update this Incident Response Plan at least annually, or after any significant incident.