At First Student, protecting personal information and maintaining operational integrity is a top priority. In today’s digital environment, cybersecurity threats like data breaches and malware are an ever-present risk. That’s why we’ve developed a comprehensive and proactive approach to managing cyber incidents—ensuring we can respond swiftly, efficiently, and transparently when it matters most.
A Clear Plan for Cyber Emergencies
To guide our response to cyber threats, we use a detailed Cyber Emergency Response Management Runbook. This structured guide outlines a formal, step-by-step process to manage cybersecurity incidents, covering:
Detection and Initial Assessment
Containment and Mitigation
Investigation and Analysis
Recovery and Restoration
Notification and Communication
Post-Incident Review and Improvements
This process ensures that every cyber emergency is handled with care, minimizing impact and supporting rapid recovery.
Emergency Levels Tailored to the Situation
Not all cyber incidents are the same. That’s why our response framework categorizes emergencies into four severity levels:
Level 1 – Manageable within the affected business unit
Level 2 & 3 – Moderate to serious events needing broader coordination
Level 4 – Large-scale emergencies with national or global impact
This allows us to scale our response based on the size and scope of the incident.
Led by Experts: The Emergency Response Team
Each cyber emergency is managed by our Emergency Response Management Team (ERMT), led by the Senior Director of Cybersecurity. This team includes experts from across the organization and is activated based on the incident’s severity level.
To coordinate response efforts, we establish an Emergency Response Room (ERR)—a physical or virtual hub where key decision-makers can act quickly and share critical information.
Transparent and Timely Communication
Communication is a vital part of managing cyber incidents. Our runbook includes clear plans for:
Internal communication – Ensuring employees are informed and involved
External communication – Notifying stakeholders, partners, and regulatory agencies when needed
We believe that transparency builds trust, and we are committed to keeping those affected informed during any incident.
Staying Current and Compliant
Cyber threats evolve, and so do we. Our cybersecurity policy is reviewed annually, or more often if needed, to reflect:
Lessons learned from previous incidents
Changes in business operations
Updates in cybersecurity laws and regulations
This ensures our approach remains effective, relevant, and compliant.
A Commitment to Cybersecurity
First Student’s response strategy is designed to protect data, restore operations quickly, and continuously improve. By investing in strong cybersecurity practices and preparedness, we are committed to safeguarding our systems, our people, and the communities we serve.