Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

04) Does your organisation's Incident Response Plan include roles and responsibilities in the event of an incident?

January 30, 2023
Business Resilience
Incident Response Plan
Roles and Responsibilities

Answer yes if your organisation's Incident Response Plan contains a section defining roles and responsibilities in an information security event. Please reference the section of any previously provided plan in the notes.

An incident response plan is a crucial document that outlines the operational steps that must be taken when an unexpected or disruptive event occurs. The plan can be invoked for both security and non-security incidents and should be an organic and operational document used to restore service and coordinate a response.

The plan should define the roles and responsibilities held during the response to an incident. For larger organisations, best practice advice is to define the roles and responsibilities aligned with a gold-silver-bronze command structure. This allows your response to incidents to be flexible yet effective, and splits the strategic, tactical, and operational responsibilities accordingly.

The plan should reference roles and job titles rather than employee names as this allows the plan to be maintained regardless of employee turnover.

When considering roles and job titles, best practice is to consider:

  • flexibility in assignment of responsibilities to adapt to a range of incident types, for example starting with a core team and inviting others as needed;
  • delegates who may step up in the event of key person absence.

The plan should also make clear who has authority to invoke an incident, and should include some flexibility in case specific people are not contactable during the time of the incident.

How to implement the control

Ensure that your plan defines the roles and responsibilities held during the response to an incident. It is helpful to reference primary and secondary contact details for the people that hold these roles.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.