Control: The organisation:
A. Develops an incident response plan that:
- Provides the organisation with a roadmap for implementing its incident response capability;
- Describes the structure and organisation of the incident response capability;
- Provides a high-level approach for how the incident response capability fits into the overall organisation;
- Meets the unique requirements of the organisation, which relate to mission, size, structure, and functions;
- Defines reportable incidents;
- Provides metrics for measuring the incident response capability within the organisation;
- Defines the resources and management support needed to effectively maintain and mature an incident response capability; and
- Is reviewed and approved by [Assignment: organisation-defined personnel or roles];
Incident Response Plan Supplemental Guidance:
It is important that organisations develop and implement a coordinated approach to incident response. Organisational missions, business functions, strategies, goals, and objectives for incident response help to determine the structure of incident response capabilities. As part of a comprehensive incident response capability, organisations consider the coordination and sharing of information with external organisations, including, for example, external service providers and organisations involved in the supply chain for organisational information systems.