When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this to assign incident response roles, escalation contacts, communications responsibilities, and decision authority before an incident happens.
Roles matrix
| Role | Named owner/function | Responsibility | Backup | Contact method |
|---|---|---|---|---|
| Incident manager | Coordinate response and decisions | |||
| Technical responder | Investigate, contain, eradicate, recover | |||
| Business owner | Assess business impact and priorities | |||
| Communications lead | Coordinate internal/external messaging | |||
| Legal/privacy lead | Assess legal and notification obligations | |||
| Management sponsor | Approve major decisions and resources | |||
| Evidence custodian | Preserve logs and records | |||
| Supplier/cloud contact | Coordinate third-party incident updates |
Communication checklist
- Internal escalation path defined.
- Supplier/cloud contacts defined.
- Legal/privacy notification assessor defined.
- Customer/regulator communication owner defined.
- Management update cadence defined.
- Secure incident communication channel defined.
Related notes
- Template
- Incident management
- Communications
- Iso27001
Note Metadata
Aliases: Incident RACI
Source: 90 Templates/Incident Roles and Communications Matrix.md
Related Notes
- ISO 27001 A.5.24 - Information Security Incident Management Planning and Preparation
- ISO 27001 A.5.25 - Assessment and Decision on Information Security Events
- A.5.24 Audit Evidence Pack
- A.5 Organizational Controls Implementation Guide
- ISO27001-A.5.24 Information Security Incident Management Planning and Preparation
- A.5.24 Audit Checklist
- Incident Management Plan
- Template - RACI Matrix
- Templates MOC