The incident response policy is responsible for identifying the required actions necessary related to reporting, responding, and incident handling related to information security incidents.

What the incident response policy should address:

• Establishing an operational incident handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities
• Tracking, documenting, and reporting incidents to appropriate organizational officials and/or authorities
• Testing the organizational incident response capability