Operations · Policy template

Incident Response Policy

Auditors and regulators expect a documented, practised incident process. This template provides the phases and roles to build one.


[Organisation] · Incident Response Policy
Version 1.0 · Owner: [Role] · Approved: [Date] · Classification: Internal

Purpose

To ensure security incidents are handled consistently, so that impact is minimised and reporting obligations are met.

Scope

Applies to all suspected or confirmed security incidents affecting [Organisation] information, systems or personnel.

Incident phases

  • Identification: anyone can report a suspected incident to [contact/channel].
  • Triage & classification: severity assigned based on impact and urgency.
  • Containment: limit spread and preserve evidence.
  • Eradication & recovery: remove the cause and restore services safely.
  • Post-incident review: root cause, lessons learned and corrective actions.

Reporting obligations

Incidents involving personal data are assessed against DPDP / applicable breach-notification timelines and reported to the relevant authority and affected individuals where required.

Roles & responsibilities

  • Incident lead: coordinates the response and communications.
  • IT/Security: performs technical containment and recovery.
  • Management/Legal: handles regulatory and external notifications.

Review

Reviewed annually and tested through tabletop exercises.

Template provided by CyberSigma for adaptation. Replace bracketed placeholders and tailor to your environment before adopting. This is guidance, not legal advice.
