Ohio’s new House Bill 96 requires every political subdivision—cities, counties, townships, and school districts—to adopt a formal, documented cybersecurity program aligned to recognized frameworks like NIST CSF or the CIS Controls. It also mandates 7‑day and 30‑day incident reporting and restricts ransomware payments without a public vote.
Key dates to keep in mind:
- Now in effect: Incident reporting requirements (as of Sept. 30, 2025)
- Jan. 1, 2026: Program adoption deadline for counties and cities
- July 1, 2026: Program adoption deadline for school districts and other subdivisions
How Tech Dynamix helps you meet HB 96:
- Framework‑aligned cyber program: Policies, standards, and controls mapped to NIST CSF/CIS, right‑sized for your staff, systems, and budget
- Threat detection & response: 24×7 monitoring, EDR/SIEM tuning, playbooks, and tabletop exercises so your team knows exactly what to do on Day 0
- Incident reporting & governance: Operationalize HB 96’s 7‑day and 30‑day workflows, plus documentation and approvals for ransomware scenarios
- Annual staff training: Role‑based awareness programs that turn your people into your first line of defense
- Resilient infrastructure: Network hardening, MFA, secure backups, and recovery plans that get you back online fast—without paying a ransom
Based in Northeast Ohio, Tech Dynamix partners with municipalities and K‑12 districts to design practical roadmaps, implement controls, and stay audit‑ready—so you can focus on serving your community.
📩 Let’s get you compliant—fast. Message us to schedule a HB 96 readiness assessment and tailored plan.
