Organizations can use this Enterprise Incident Response Policy to develop a consistent process for responding to and recovering from security incidents.  

Under this policy, although the approach to all incidents is similar, the steps taken to address specific incidents may differ depending on the incident's actual nature. Any incidents requiring the need to exercise the disaster recovery plan should be managed through a disaster recovery process. An incident that does not meet the requirements for launching an incident response program should be referred to the normal remediation and compliance processes.