Cyber security incident response policy

This policy provides organisations with a pre-structured way of describing their policy in the event of a cyber security incident. Policy users may be a small group within an organisation, or this policy may be given to all personnel as guidance in the event of an incident.

Unlike an employee, contractor or B2B cyber security policy this is not intended to be a legal contract: it is a cheat sheet, helping its users react fast, and in the way that your organisation has planned. It may, as a first attempt, help organisations who are yet to plan for a cyber incident explore what they might need to do in the case of a breach. Unlike policies for IT system users, which are often hidden away in employee handbooks etc., you may wish to place all or part of this policy in a prominent location, on employee noticeboards etc. so that it is easy to find.

It will result in a short document outlining: (i) some things for policy users to look out for, which may signal that the system has had a cyber security breach; (ii) what a policy user should do if they make a mistake; (iii) who within the organisation is notified in the case of a breach; (iv) what the responsibilities of each individual notified will be (so that no critical activity is missed and the people notified do not duplicate tasks for example, the last thing your organisation needs during a breach is two spokespeople telling the press conflicting information!)

This document was created and is maintained by Emma Osborn, an independent cyber security consultant specialising in the support of smaller organisations as they develop their cyber security processes. Visit https://www.ocsrc.co.uk for more information.

Ask about this document

Cyber security incident response policy contents

Introduction : security incidents are a significant risk; security breach recognition; cyber breaches are common; responding as fast as possible is key.
Who you should contact if you think there's been cyber security incident?: appointed person for security incidents.
What might indicate that there has been a breach?: when cyber security breach occurs.
What do I do if I make a mistake?: mistakes.
I'm the incident coordinator, who do I notify, what are their roles?: who to notify upon discovery of breach indicator; informing ICO of data breach.
What are the responsibilities of the members of the incident response team?: technical incident response; data protection officer incident responsibilities; cyber insurance incident responsibilities; communications incident responsibilities; senior management incident responsibilities; operations managers incident responsibilities.

Cyber security incident response policy document editor preview

This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.

Cyber security incident response policy document preview

This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.

Which licence should I choose?

Version	1.0
First published	8 May 2018
Last updated	9 May 2018
Law	Neutral
Language	English (UK)
^†Word count	1,460
^†Template pages	2

† These figures are approximations.

Data protection law Industry Policy

	Free licence	Standard licence	Extended licence	Professional licence
Number of document instances	1	1	5	25
Number of websites or digital products	1	1	5	25
Sub-licences permitted	None	1	5	25
Document licence period	No expiry	No expiry	No expiry	No expiry
Credit for Docular	Yes	No	No	No

Number of document instances

Document templates are the products available for sale on this website; whereas document instances are "clones" of the templates, which you can edit using Docular's online editor and export from the website.

We will update our document templates from time to time, but this will not affect your document instances. When you create a document instance, it will be based upon the latest version of the underlying document template at the time of creation of the instance, irrespective of your date of purchase.

You can save your document instance to our servers at any time, and return to editing later. Once you are happy with your editing, you can export the document and save it to your computer.

Number of websites or digital products

The licences include numerical limits upon: (a) the number of websites (including cloud services) on which documents may be published; and (b) the number of digital products (such as software programs) with which documents may be distributed.

Sub-licences permitted

All of our paid licences allow you to sub-license to a client of yours the right to use a document created using Docular.

When you sub-license that right, it becomes attached to the particular client. The number of sub-licences you may grant is numerically limited and, again, the limitation corresponds to the document instance limitation.

Document licence period

This is the period of the licence to use documents created using and exported from the Docular online editor. In short, the licences do not expire. There are no ongoing licence fees.

Credit for Docular

Each free template includes a textual credit for Docular (eg "this document was created using Docular") and you must retain that credit in all versions of the document.

Legal T&Cs

For full details of the licensing rules governing the use of Docular templates, instances and exports, see our terms and conditions.

Cyber security incident response policy

This policy provides organisations with a pre-structured way of describing their policy in the event of a cyber security incident. Policy users may be a small group within an organisation, or this policy may be given to all personnel as guidance in the event of an incident.

Cyber security incident response policy contents

Related documents