Canfield board adopts cybersecurity incident response guide ahead of state deadline

The Canfield Local School District Board of Education unanimously approved a district cybersecurity incident response guide at its December meeting after the superintendent recommended adoption.

The guide, the superintendent said, is required by state law: "This is a requirement in house bill 96, which was the biennium budget," and "it had to be done by July first of of 26," according to the district presenter. The document lays out an incident command structure, contact lists and required notifications in the event of a cyber incident or phishing attack.

Board members asked about staff training and exercises. The presenter said the district completed a cybersecurity training on December 1 and plans to conduct tabletop exercises with its incident command team. "There are tabletop type of activities," the presenter said, describing ongoing preparedness work.

The board voted by roll call with all members recorded as "Yes." The motion was made based on the superintendent's recommendation and adopted without amendment. The guide will be maintained as a living document and is intended to standardize the district's response to phishing attempts, data access incidents and related fiscal risks.

Next steps include continued staff trainings and scheduled tabletop exercises; the district said it will update the board on implementation progress as needed.