Responsible team identification
Internal Incidence management organization is part of the policy documentation.
A documented cyber incident Response Policy communicates to its employees and supervisory authorities on how a cyber security incident is to be managed such that there is minimum disruption in business and loss of data. Incident response (IR) policy is a documented information on the security policies and procedures that the organization follows to identify, contain, and eliminate cyberattacks. Along with the policy, an Incident Response Organization needs to be set-up and documented. The policy must clearly document relevant and timely action which its employees need to take in the event of a security incident.