At First Student, protecting personal information and maintaining operational integrity is a top priority. In today’s digital environment, cybersecurity threats like data breaches and malware are an ever-present risk. That’s why we’ve developed a comprehensive and proactive approach to managing cyber incidents—ensuring we can respond swiftly, efficiently, and transparently when it matters most.

A Clear Plan for Cyber Emergencies

To guide our response to cyber threats, we use a detailed Cyber Emergency Response Management Runbook. This structured guide outlines a formal, step-by-step process to manage cybersecurity incidents, covering:

  • Detection and Initial Assessment

  • Containment and Mitigation

  • Investigation and Analysis

  • Recovery and Restoration

  • Notification and Communication

  • Post-Incident Review and Improvements

This process ensures that every cyber emergency is handled with care, minimizing impact and supporting rapid recovery.

Emergency Levels Tailored to the Situation

Not all cyber incidents are the same. That’s why our response framework categorizes emergencies into four severity levels:

  • Level 1 – Manageable within the affected business unit

  • Level 2 & 3 – Moderate to serious events needing broader coordination

  • Level 4 – Large-scale emergencies with national or global impact

This allows us to scale our response based on the size and scope of the incident.

Led by Experts: The Emergency Response Team

Each cyber emergency is managed by our Emergency Response Management Team (ERMT), led by the Senior Director of Cybersecurity. This team includes experts from across the organization and is activated based on the incident’s severity level.

To coordinate response efforts, we establish an Emergency Response Room (ERR)—a physical or virtual hub where key decision-makers can act quickly and share critical information.

Transparent and Timely Communication

Communication is a vital part of managing cyber incidents. Our runbook includes clear plans for:

  • Internal communication – Ensuring employees are informed and involved

  • External communication – Notifying stakeholders, partners, and regulatory agencies when needed

We believe that transparency builds trust, and we are committed to keeping those affected informed during any incident.

Staying Current and Compliant

Cyber threats evolve, and so do we. Our cybersecurity policy is reviewed annually, or more often if needed, to reflect:

  • Lessons learned from previous incidents

  • Changes in business operations

  • Updates in cybersecurity laws and regulations

This ensures our approach remains effective, relevant, and compliant.

A Commitment to Cybersecurity

First Student’s response strategy is designed to protect data, restore operations quickly, and continuously improve. By investing in strong cybersecurity practices and preparedness, we are committed to safeguarding our systems, our people, and the communities we serve.