SOC 2 Readiness Control
Incident Response
Defined roles, runbooks, and communication plans to handle security incidents quickly and consistently.
Why auditors care
Playbooks and rehearsals
Demonstrate clear ownership, evidence, and cadence to show this control operates consistently.
What to implement
- Assign an owner and set a review cadence.
- Document the policy, procedure, and escalation path.
- Track exceptions with remediation dates.
Evidence auditors expect
- Dated records of reviews or approvals.
- Screenshots/exports showing configurations and coverage.
- Tickets proving remediation or follow-up.
Common mistakes
- Unowned control with no cadence.
- Evidence not tied to who/when/what changed.
- No process for exceptions or emergency changes.
FAQ
Auditor focus
Documented plan, roles, tabletop results, and evidence of lessons learned or follow-up tasks.
Mistakes
No rehearsals, unclear severity levels, or missing customer notification paths.
