An incident response plan is a crucial document that outlines a company’s planned reaction to a security incident. This plan is not limited to data breaches but also covers investigations aimed at determining if there was any security attack and who or what was involved. The process of determining if there was any data exfiltration is also part of the investigation. By having an incident response plan in place, companies can respond promptly and decisively when a security incident occurs. Elements of the plan may involve temporarily revoking widespread access, shutting down systems, notifying stakeholders, and establishing processes for re-establishing access, re-evaluating policy and process, remediation, backup, and recovery.