<Company Logo> Cyber Security Incident Response Plan
Cyber Security Page 2 of 12 <Date>
Incident Response Plan <Version #>
Goals for Cyber Incident Response
When a cyber security incident occurs, timely and thorough action to manage the impact of the incident
is a critical to an effective response process. The response should limit the potential for damage by
ensuring that actions are well known and coordinated. Specifically, the response goals are:
1. Preserve and protect the confidentiality of constituent and employee information and ensure the
integrity and availability of <COMPANY NAME> systems, networks and related data.
2. Help <COMPANY NAME> personnel recover their business processes after a computer or
network security incident or other type of data breach.
3. Provide a consistent response strategy to system and network threats that put <COMPANY
NAME> data and systems at risk.
4. Develop and activate a communications plan including initial reporting of the incident as well as
ongoing communications, as necessary.
5. Address cyber related legal issues.
6. Coordinate efforts with external Computer Incident Response Teams and law enforcement.
7. Minimize <COMPANY NAME>’s reputational risk.
Purpose and Scope
This publication provides practical guidelines on responding to cyber security and data breach incidents
in a consistent and effective manner. The plan establishes a team of first responders to an incident with
defined roles, responsibilities, and means of communication.
While this plan is primarily oriented around cyber-related incidents and breaches, it can also be utilized
for data breaches that are not related to computer systems.
Incident Response Team (IRT)
A team comprised of company staff, advisors, and service providers shall be responsible for
coordinating incident responses and known as the Incident Response Team (IRT). The IRT shall
consist of the individuals listed in Appendix A, having the noted roles and responsibilities. This team
will have both primary members and secondary members. The primary members of the IRT will act as
first responders or informed members to an incident that warrant IRT involvement, according to the
incident’s severity. The entire IRT would be informed and involved in the most severe incidents.
IRT members may take on additional roles during an incident, as needed. Contact information,
including a primary and secondary email address, plus office and mobile telephone numbers shall be
maintained and circulated to the team. The IRT will draw upon additional staff, consultants or other
resources, (often referred to as Subject Matter Experts – SME’s) as needed, for the analysis,
remediation, and recovery processes of an incident. The Information Technology (IT) function plays a