Purpose
To ensure security incidents are handled consistently to minimise impact and meet reporting obligations.
Scope
Applies to all suspected or confirmed security incidents affecting [Organisation] information, systems or personnel.
Incident phases
- Identification: anyone can report a suspected incident to [contact/channel]. Record the date and time the incident was first detected, as notification deadlines run from that point.
- Triage & classification: severity assigned based on impact and urgency; the severity determines who is informed and how quickly.
- Containment: limit spread while preserving evidence (capture logs and volatile data before isolating, wiping or rebuilding affected systems).
- Eradication & recovery: remove the cause, confirm it is gone, and restore services in a controlled way.
- Post-incident review: root cause, lessons learned and corrective actions, each with an owner and due date.
Reporting obligations
Incidents involving personal data are assessed against the DPDP Act and any other applicable breach-notification timelines, and reported to the relevant authority and affected individuals where required. The assessment, and any decision not to notify, is recorded with its reasoning.
Roles & responsibilities
- Incident lead: coordinates the response and communications.
- IT/Security: performs technical containment and recovery.
- Management/Legal: handles regulatory and external notifications.
Review
Reviewed annually, and after any significant incident, and tested through tabletop exercises.
Template provided by CyberSigma for adaptation. Replace bracketed placeholders and tailor to your environment before adopting. This is guidance, not legal advice.
