Phase C is the desired state that I think can be another way we fight the fires within the organization, as well as prepare our home with fire extinguishers and other countermeasures prior to fires starting in the first place. In the final phase of this Capability Maturity Model, we see a full integration of information between capabilities: 

• Proactive: Users are aware of threats that may impact the organization and report them through IT ops
• Receives customized threat intelligence: The incident response capability receives customized threat intelligence 
• Has the ability to anticipate action based on verifying the legitimacy of external incident and event information: Threat intelligence information is analyzed in conjunction with continuous monitoring for evaluation against normal baselines
• Established KRI thresholds for specific events/actions with IT ops: KRIs are developed, defining incidents and events

RASCI matrices are developed for threat scenarios in the IR playbook: