Incident response policy
Every enterprise needs to establish a plan of action to assess and then recover from unauthorized access to its network. This policy provides a foundation from which to start building your specific procedures.
From the policy:
Whether initiated with criminal intent or not, unauthorized access to an enterprise network is an all too common occurrence. Although network intrusion and protection hardware and software systems can prevent or mitigate many of these incidents, even the best security will suffer a breach at some point. When an intrusion is detected, the incident response team must act quickly to protect the integrity of the enterprise’s data according to the procedures outlined in this policy.
The Incident Response Policy applies to all employees, executives, contractors, and vendors with access to any part of the information technology network of this enterprise, regardless of role. Any intrusion, no matter how it’s discovered, must be reported under the procedures outlined by this policy.