Skip to main content
Incident response and recovery

Incident response and recovery

Incident management guidance

Enacting a disaster recovery plan

Containment, mitigation and impact minimisation

NCSC Board Toolkit – NCSC link

Assessing incident severity and damage

Action log template and guidance

NCSC reporting guidance (Police / ICO) – NCSC link and additional links

Restoration processes

        • Replacing hardware and getting prompt approvals
        • Patching / reinstalling software
        • Cleaning infected machines
        • Changing compromised user credentials
        • Using specialist recovery services

Post incident evaluation template