INCIDENT RESPONSE PLAN
- Effective Date
- Incident Response Lead
- Reporting contact
1. Purpose and scope
This plan governs how responds to security and privacy incidents. The incident response lead is . Notification duties apply in: . Data potentially affected: .
2. Severity tiers
Incidents are classified to drive the response:
| Tier | Definition | Response |
|---|---|---|
| Critical | Confirmed breach of personal or regulated data, or major outage | Immediate response; notify lead and executives; start notification clock |
| High | Likely breach or significant security event | Rapid containment and investigation |
| Medium | Contained event with limited impact | Standard handling and logging |
| Low | Minor or suspected event | Triage and monitor |
3. Response phases
Each incident follows the same phases:
- Detect and report the incident to the response lead.
- Triage and classify severity.
- Contain, then eradicate the cause.
- Recover services and validate.
- Notify regulators and affected data principals within the required windows.
- Conduct a post-incident review and update controls.
4. Notification timelines
Where personal data is affected, the organisation notifies within the applicable window:
| Regime | Window |
|---|---|
| EU GDPR | Supervisory authority within 72 hours of awareness |
| India CERT-In | Within 6 hours of noticing certain cyber incidents |
| India DPDP | Data Protection Board and affected principals as prescribed |
5. Controls and review
Detection and monitoring: to be implemented. Playbooks documented: no. Tested in the last 12 months: no. Reviewed [cycle]; approved by on [date].
Approved by
______________________
Incident Response Lead
______________________