← All guides
Governance · 6 min read

Incident Response Plan Guide

The worst time to design your response is during an incident. A tested plan turns chaos into a process.

FreeGet "Incident Response Plan Guide" as a PDF

Plus occasional, practical compliance guidance from our senior auditors. No spam — unsubscribe anytime.

1. The phases

  • Preparation, detection and analysis.
  • Containment, eradication and recovery.
  • Post-incident review and improvement.

2. Roles and contacts

Define who decides, who communicates, and who to call (legal, forensics, regulators). Pre-agree escalation and authority.

3. Meet reporting deadlines

Know your obligations — e.g., CERT-In’s 6-hour reporting, DPDP breach notification, RBI/sector rules — and build them into the plan.

4. Test it

Run tabletop exercises. A plan that has never been rehearsed rarely survives contact with a real incident.

How CyberSigma helps

We build and exercise your incident-response plan, including regulatory reporting workflows and tabletop simulations.

This guide is educational and not legal advice. Requirements evolve — validate specifics against the current standard or regulation for your situation.

Turn this guide into a plan

Our CERT-In empanelled auditors can take you from reading about it to certified — with a scoped, guided programme.

Book a consultation →