1. The phases
- Preparation, detection and analysis.
- Containment, eradication and recovery.
- Post-incident review and improvement.
2. Roles and contacts
Define who decides, who communicates, and who to call (legal, forensics, regulators). Pre-agree escalation and authority.
3. Meet reporting deadlines
Know your obligations — e.g., CERT-In’s 6-hour reporting, DPDP breach notification, RBI/sector rules — and build them into the plan.
4. Test it
Run tabletop exercises. A plan that has never been rehearsed rarely survives contact with a real incident.
How CyberSigma helps
We build and exercise your incident-response plan, including regulatory reporting workflows and tabletop simulations.
This guide is educational and not legal advice. Requirements evolve — validate specifics against the current standard or regulation for your situation.
