Incident response plan
An incident response plan outlines how an entity will respond to a fraud incident.
Why this countermeasure matters
The lack of an incident response plan may lead to:
- intelligence and investigation processes being uncertain or less effective
- poor decision-making and mistakes during the response
- increased financial and reputational damage
- less effective disruption and prosecution efforts
- delays in responses
- uncertainty over responsibility
- inconsistent decision making
- information and responses not being recorded or shared.
How you might apply this countermeasure
Some ways to implement this countermeasure include creating incident response plans like:
- a Cyber Security Incident Response Plan
- a Data Breach Preparation and Response Plan
- an Incident Response Plan for serious cases of fraud or corruption.
How to check if your countermeasures are effective
The following are some ways to measure the effectiveness of this type of countermeasure.
- Confirm it is clear when the plan would be triggered.
- Review response plans to see if they conform to the Australian Government Investigations Standards and other national guidelines and frameworks.
- Confirm that the plan and documentation would be easily accessible when required.
- Confirm that the plan shows a timely and standard response to major incidents.
- Confirm that the plan clearly defines command and control structures for:
- actions, mitigations and remediation
- communication such as with staff or the public
- engagement with Ministers, stakeholders and partner entities.
- Confirm the plan remains up-to-date by checking that it assigns roles/accountability to current positions/divisions.
- Run through hypothetical scenarios to determine if the plan is resilient and adaptable.
- Check that the plan is regularly reviewed/tested, including post-incident reviews.
This type of countermeasure is supported by: