Listen to: "IT Incident Response Plan: Key Steps to Implement"

After training your employees regarding PCI compliance policies and procedures, you are now ready to move on to the next necessary step: implementing an incident response plan. An incident response plan is a crucial part of a cybersecurity risk management program for companies operating in all kinds of industries.

This is an opportune time to create an incident response plan. Following a series of training sessions, employees are on the same page and prepared to recognize security breaches and identify the systems that will be most impacted. In addition, an incident response plan is also a PCI DSS requirement, as a PCI assessor will perform an audit to determine its functionality and compliance.

6 Key Steps to Implementing an Incident Response Plan

Creating and implementing an effective incident response plan consists of six key elements. Addressing all these phases helps ensure that your business will be fully prepared, with employees understanding their roles when a cybersecurity risk appears. In addition, employees can more efficiently implement required operations in order to mitigate damage to information systems and immediately secure networks.


If you have made training mandatory, your employees should already be fully aware of their roles and responsibilities, as well as the set data security protocols. Now is the time to put that knowledge to the test.

Mock security breaches and drills will help to comprehensively evaluate how your employees put the incident response plan into action. This gives management the opportunity to note the strengths and weaknesses of the plan while making goals for remediation and improvement.

You should also ensure that all resources and funding for the response plan are available when needed. A major issue that businesses face is finding out too late that the budget wasn’t set aside to handle cybersecurity risks, as employees lack the appropriate software and hardware to use.


The plan should address all identification factors to determine a breach. Since a data breach can occur at several different points within information systems and networks, the incident response plan should focus on identifying when the breach occurred, how and who discovered the breach, what areas were impacted, and the effect on operations. Employees should also determine where the information breach first started.


Often, employees scramble to delete information regarding a breach, thinking that it will help firm up security. Yet this would actually be removing valuable information needed to identify the data breach and prevent future ones.

The next step in the incident response plan should focus on full containment to minimize further damage. To do this, it’s ideal to develop both short-term containment methods and long-term containment methods. While breach containment is taking place, having a secure backup system can ensure operations proceed with little down-time so you can successfully recover all information and data.


Once the breach has been contained and analyzed, it is now time to eliminate any malware or vulnerabilities that are present. Your employees will be able to patch all the vulnerabilities that were discovered during the identification process. If you plan on hiring a third-party company to handle the breach containment and elimination, always ensure that their work is thorough and leaves no gaps in your cybersecurity protocols.


After verifying that all breaches have been addressed, you can start the system recovery phase. You want to not only restore your systems but also test them to ensure all patches and security measures are adequate. Then the system needs to be carefully monitored to ensure stability and determine if any further security breaches are being waged against the system.


With the incident response plan completed, a team meeting should be conducted to discuss the details of what was learned regarding the security breach. Every aspect of the response actions should be documented and evaluated to see if any improvements are appropriate. This technique helps to strengthen all protocols and response plan actions so that your organization has solid policies in place.


A PCI assessor should be used to conduct a PCI DSS audit regarding your cybersecurity risk policies. The assessor will also evaluate your incident response plan to ensure that it will be fully functional when implemented. During the auditing process, your team can take advantage of the opportunity to search for further procedural gaps and fix them to further fortify the system.

Related article: read about PCI DSS 4.0 Is Expected to Change in 2020.

If your organization is in need of a PCI DSS audit, contact I.S. Partners at 215-675-1400. You can also receive a quote by using our contact form.
