
Incident Response (IR)

Frameworks: SOC 2, ISO 27001, HIPAA, PCI DSS, GLBA

Documented, tested process for detecting, containing, eradicating, and recovering from security incidents.

Incident Response is the documented, exercised process for handling security incidents — typically following the NIST SP 800-61 phases: Preparation; Detection & Analysis; Containment, Eradication & Recovery; and Post-Incident Activity. Tabletop exercises provide evidence of ongoing capability.

Why it matters
Untested IR plans fail under pressure. Regulators (HHS, FTC, state AGs) increasingly probe for tabletop frequency and lessons-learned documentation.

Related terms

Breach Notification
Legal duty to notify regulators and affected individuals after a security incident affecting personal data.
Tabletop Exercise
Discussion-based simulation walking through a hypothetical incident scenario with the response team.
Business Continuity & Disaster Recovery (BC/DR)
Tested plans to maintain or restore operations after disruptive events; measured by RTO/RPO.
