Build a written incident response plan that follows the NIST SP 800-61 lifecycle: CSIRT roles and contacts, a SEV1–SEV4 severity matrix, detection and triage, containment / eradication / recovery, an escalation and breach-notification matrix (including the GDPR 72-hour duty and your cyber-insurer), and post-incident lessons learned. Exports to Word.
⚠️ This generator produces a template structured on the NIST SP 800-61 incident-response lifecycle. It uses the four phases defined in Rev. 2 (Computer Security Incident Handling Guide): Preparation, Detection & Analysis, Containment/Eradication/Recovery and Post-Incident Activity. These are reflected against the six CSF 2.0 functions (Govern–Identify–Protect–Detect–Respond–Recover) of Rev. 3 (2025, Incident Response Recommendations and Considerations for Cybersecurity Risk Management), which superseded Rev. 2. The template is not legal advice and is not an official NIST document. Breach-notification duties vary by jurisdiction: GDPR requires notifying the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware (Art. 33); US state laws, sector rules (HIPAA, GLBA, SEC) and the cyber-insurance policy impose their own deadlines. Confirm the current obligations with your DPO / legal counsel and your carrier, and have a competent person validate the plan and test it with a tabletop exercise.