
Incident Response Policy Template

Define how your team handles IT incidents — from detection to resolution to post-mortem.

Purpose

This policy defines the process for detecting, reporting, responding to, and recovering from IT incidents to minimise impact and prevent recurrence.

Incident Severity Levels

  • SEV-1 (Critical): Complete system outage affecting all users. Response within 15 minutes.
  • SEV-2 (High): Major system impairment affecting a department. Response within 30 minutes.
  • SEV-3 (Medium): Partial impairment, or a critical issue for a single user. Response within 2 hours.
  • SEV-4 (Low): Minor issue, non-critical. Response by the next business day.

Response Flow

  1. Detection & Reporting: Any employee can report an incident via helpdesk, phone, or in person.
  2. Triage & Classification: Classify by severity and category. Notify Incident Commander for SEV-1/2.
  3. Containment: Immediate action to limit damage. Isolate affected systems. Revoke compromised credentials.
  4. Investigation & Root Cause: Gather logs and evidence. Identify root cause. Document findings.
  5. Recovery: Apply fix. Restore from backup if needed. Verify functionality. Communicate resolution.
  6. Post-Incident Review: Document lessons learned. Update procedures. Schedule follow-up actions.
