The Incident Response Plan template every SMB should have on file.
When you get hacked, the first hour decides the outcome. This free, fillable incident response plan gives your team the roles, severity levels, step-by-step phases, and notification matrix to respond in a coordinated way — not a panic.
What's inside
Eight sections — fill it in once, test it yearly.
Built for businesses without a dedicated security team. Fill in your contacts and systems, adapt the severity examples, and you have a defensible plan your insurer, auditor, and team can all rely on.
- 1. Incident response team & contact roster
- 2. Severity levels (SEV-1 to SEV-3) with examples
- 3. The 6 phases: prepare, detect, contain, eradicate, recover, review
- 4. Notification matrix — insurer, counsel, regulators, clients
- 5. Evidence-preservation & do-not-do rules
- 6. Communications holding statements
- 7. Post-incident review & lessons-learned
- 8. Sign-off & annual test log
The template is a printable web document. Use your browser's Print → Save as PDF to keep an offline copy.
Why this matters
The plan you write today is the calm you'll have on the worst day.
The clock starts at 2am
Ransomware and BEC don't wait for business hours. A plan written in advance is the difference between a coordinated response and a panicked one.
Insurers & regulators expect one
Cyber-insurance renewals and frameworks (HIPAA, FTC Safeguards, NAIC, CMMC) all require a written, tested incident response plan.
Untested plans fail
A plan in a drawer isn't a plan. This template includes a test log so you can tabletop it and prove it works before you need it.
