Why this matters: Quick, correct, and structured incident response minimizes damage, preserves evidence, and above all, protects human safety.
Attention Activity: The Alarm Rings
Imagine this: It's a typical Tuesday afternoon when a bright red alert flashes across your screen. An unauthorized user is attempting to extract terabytes of highly sensitive data from the Newton HQ servers. The network is slowing to a crawl.
What is your very first reaction?
Hierarchy of Priorities
Before responding to any incident, you must understand what matters most. The company has established a strict hierarchy of priorities to guide decision-making during crises.
No matter what the incident is—from an environmental disaster to a severe data breach—this order never changes.
Knowledge Check
During an incident such as a severe equipment fire in the server room, what is the absolute highest priority?
The Incident Response Lifecycle
All incidents will follow a core, general process to ensure consistent resolution. A dedicated Governance Team (including the CEO and Finance Analyst) is convened to make communication and response decisions.
The standard process consists of four distinct phases:
- Identification & Assessment: Detecting the incident and evaluating the amount of damage and exposure.
- Containment: Controlling the spread and preserving an accurate audit trail of events.
- Mitigation & Recovery: Setting controls to lessen impact and repairing/rebuilding damage.
- Follow-up & Documentation: Post-mortem discussions, signoffs, and Jira tracking to prevent future occurrences.
Phase 1: Identification
The goal of Identification is to control risk and exposure so that subsequent escalation and investigation may proceed promptly, with complete evidence intact.
Incidents can be identified by automated monitoring systems or by any employee. When an employee spots an incident, they must immediately follow the escalation chain:
[Escalation chain diagram: Employee (Discovers Incident) → Immediate Supervisor]
Note: If the immediate supervisor cannot be located, the employee should report directly to the Principal (CEO) or their designate.
Knowledge Check
Who should an employee immediately notify if they manually identify a security or operational incident?
Phase 2: Containment & Investigation
Once identified, the team shifts to Containment. The primary goal is to minimize the risk of accelerated damage and reduce the impact on customers and systems.
- Evidence Collection: We must preserve the audit trail. Evidence is collected to track the events that led to the incident.
- Analysis & Investigation: The goal is to determine the root cause, not to lay blame.
While the investigation does not seek to lay blame, if the root cause is determined to be a case of negligence or deliberate action by an employee, they may be subject to disciplinary action, up to and including termination.
Phases 3 & 4: Mitigation, Recovery, & Post-Mortem
In the final phases, appointed staff deploy controls to mitigate risk and fully rebuild the damaged systems.
After recovery, the Governance Team schedules a Post-Mortem to discuss how to stop a similar incident from happening again. Solutions are devised and implementations are tracked.
Documentation & Signoff:
- Incidents are formally managed and tracked in the corporate Jira instance on the ISR board.
- The incident documentation must be reviewed and signed off by the Director of IT (or their designate) and the parties responsible for remediation.
Key Takeaways
- Safety First: Health and safety of employees and guests always supersedes protecting data, IP, or equipment.
- 4 Core Phases: Identification → Containment → Mitigation/Recovery → Documentation.
- Escalate Immediately: Always report incidents directly to your immediate supervisor; if the supervisor cannot be located, report to the Principal (CEO) or their designate.
- Root Cause Focus: Containment and investigations prioritize finding the root cause while preserving audit evidence, not laying blame.
- Formal Tracking: All incident lifecycles conclude with a Post-Mortem, Jira tracking, and signoff by the Director of IT.
Assessment Intro
You have reviewed the core elements of the Incident Response Policy. You will now complete a short, 4-question assessment.
You must score at least 80% to pass and receive your certificate.
Question 1 of 4
According to the hierarchy of priorities, what is the secondary priority during an incident, immediately following health and safety?
Question 2 of 4
What is the primary purpose of the investigation during the containment phase?
Question 3 of 4
Where are incidents to be formally managed and tracked according to the policy?
Question 4 of 4
Who must formally sign off on the documentation of the Incident Response Process upon completion?