🚨 Incident Response & Breach Notification Plan

Better Choices Education LLC

www.BetterChoicesEducation.com

1. Purpose

This Incident Response and Breach Notification Plan outlines the procedures Better Choices Education LLC (“Company”) will follow in the event of a suspected or confirmed data security incident involving personally identifiable information (PII), including student data. The policy ensures timely mitigation, compliance with legal requirements, and transparent communication with affected parties.

2. Scope

This policy applies to:

3. Definitions

4. Roles and Responsibilities

5. Incident Response Phases

  1. Identification: Detect or receive report of suspicious activity (e.g., alerts, user complaints, system anomalies)
  2. Containment: Isolate affected systems, disable compromised accounts, block unauthorized access
  3. Assessment: Determine scope, affected data types, and root cause
  4. Eradication: Remove threats, patch vulnerabilities, and restore secure configuration
  5. Recovery: Resume normal operations, restore data from clean backups
  6. Notification: If applicable, initiate notifications per Section 6
  7. Post-Incident Review: Document findings, update policies, and prevent recurrence

6. Breach Notification Procedures

7. Notification Contents

All required notices will include:

8. Training and Testing

9. Contact for Reporting Incidents

Suspected data incidents should be reported immediately to:

Better Choices Education LLC – Data Protection Officer
📧 Email: security@betterchoiceseducation.com
🌐 Website: www.BetterChoicesEducation.com

10. Policy Review

This plan will be reviewed annually or after any major incident, and updates will be communicated to all contracting districts.

The Company reserves the right to modify this policy as needed to ensure compliance with applicable laws and best practices.