IronSights

Incident response (IR)

A structured approach to detecting, containing, eradicating, and recovering from cyber security incidents, including forensic investigation, stakeholder communication, and post-incident review.

Also known as: IR, incident response plan (IRP), cyber incident response

In plain English

Incident response is what happens after something goes wrong. A tested incident response plan ensures that when a breach occurs, the right people take the right actions in the right order — containing the damage quickly, preserving evidence for investigation, meeting legal notification obligations, and restoring operations as fast as possible.

Full definition

A complete incident response lifecycle has six phases: Preparation (plans, playbooks, retainers), Identification (detecting and confirming an incident), Containment (isolating affected systems to stop spread), Eradication (removing the threat — , backdoors, compromised accounts), Recovery (restoring systems from clean backups), and Lessons Learned (post-incident review and remediation).

Under the , organisations may have as little as 30 days to notify the and affected individuals after becoming aware of a qualifying breach. An active incident response retainer with IronSights provides guaranteed SLAs for response, pre-negotiated access to forensic tooling, and legal-ready evidence preservation.
