Incident Response Policy (Template)

This is a sample template for demonstration.

Purpose

Provide a structured approach for detecting, responding to, and recovering from security incidents.

Roles & Responsibilities

Process

  1. Detect & Report — identify indicators, open a ticket, notify IR Lead.
  2. Analyze & Classify — confirm incident, assign severity.
  3. Contain — short- and long-term actions.
  4. Eradicate — remove root cause, patch, re-image.
  5. Recover — restore services, monitor for reoccurrence.
  6. Lessons Learned — within 5 business days: timeline, wins, gaps, action items.

Communications

Follow the approved plan for stakeholder updates and notifications.