Incident Response Program Documents

Accelerate your incident response program

Building Incident Response (IR) teams and conducting IR investigations is a core competency of ours. Having conducted thousands of IR cases for law enforcement, the federal government, private companies, and national security programs, we created these documents out of real-world use cases. These documents have been used as part of IR programs globally, have been through countless audits and assessments, and meet best practices and standards such as NIST, the CIS Critical Security Controls, ISO, SOC, and others.


Beyond our years of experience, Natsar has the education and certifications to match our real-world experience. This ensures our materials are rooted in the right balance of academic excellence and practical experience. Some of our education and training relative to IR includes:

  • Master’s of Science in Information Security and Assurance
  • Certified Information Systems Security Professional (CISSP)
  • SANS Global Information Assurance Certification (GIAC) Certified Intrusion Analyst (GCIA)
  • SANS Global Information Assurance Certification (GIAC) Certified Computer Forensic Analyst (GCFA)
  • SANS Global Information Assurance Certification (GIAC) iOS and MacOS Examiner (GIME)
  • EC-Council Certified Hacking Forensic Investigator (CHFI)

An entire incident response program in a box

Developing an entire IR Program from scratch is a significant undertaking and many organizations lack the resources to develop a robust IR plan, policy, and related documents that have been battle-tested and proven. Don’t spend tens of thousands of dollars on consultants or staff time to develop a program for you when you can start with our documents and with a little customization, have a documented IR program that will meet standards and best practices.


This IR Program in a box contains an organization-wide policy to ensure executive sponsorship, a well-detailed 23-page IR Plan, and multiple checklists, report forms, and templates designed to assist during tabletop exercises and actual IR cases. 


Updated, Relevant, and Customizable Documents

Each policy, procedure, form, or template that we provide was updated in 2022 to ensure conformance with the most up-to-date best practices and standards. The documents are all written in formats that you will have full access to edit and customize (Word, Excel, or PowerPoint). 

Checklists, Forms, & Templates
IR Plan
IR Policy
Exec Briefing Template

Purchase Individually, as a Package, or Bundle with Training

You can purchase our documents individually or save money by purchasing the entire package of incident response documents. For any document(s) you purchase, you will be entitled to any update for one-year after the purchase date.


We will soon be adding an on-demand course for developing an IR program using these documents. When that course is available, it will be possible to bundle the documents with the course. If you would like to be notified when that course is published, click the button below. 

$4.95 - $49.95
Purchase only the policies or forms you need
Download forms immediately
Completely customizable
Updates for 1 year after purchase
Based on best practices
Coming Soon
Best Value
Includes plan, policy, and documents
Video course plus documents
Downloadable MP3 audio of all lessons
Certificate of completion at end of course
Receive continuing education hours
All 16 Documents
Save 15% when bundling
Receive all 16 customizable documents
Download forms immediately
Updates for 1 year after purchase
Based on best practices
  • Incident Response Organizational Policy
  • Incident Response Plan
  • Executive Briefing Presentation Template (PowerPoint)
  • Incident Response Report Template
  • Supplemental IR Report Template
  • Incident Response Overview Sheet
  • Incident Response Collection List – Rapid Forensic Triage
  • Incident Response Collection List – Log Analysis
  • Incident Response Sign-in Sheet
  • Incident Response Checklist – Postmortem Review
  • Incident Response Checklist – Responding Offsite
  • Incident Response Checklist – Public/Media Relations
  • Incident Response Checklist – Communication Log
  • Incident Response Checklist – Communications
  • Incident Response Checklist – CIRT Lead
  • Incident Response – Tracker of Affected Hosts
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Get Added to the Incident Response Course Wait List