The IRP is your go to document, and it should:
- Identify members of the incident response team;
- Establish alternate members in the event someone cannot fulfill their obligations for whatever reason;
- Include contact information (work, cell, home) for team members;
- Establish and define roles and responsibilities of the team and its members in the event of a privacy breach;
- Identify and describe both internal and external capabilities;
- Include decision trees;
- Identify a notification/escalation process; and
- Include Incident Report Forms for gathering evidence and tracking the investigation.
