An “incident response plan”, or IRP, is an in-house plan consisting of a pre-made list of relevant contacts and tasks that need to be completed when there is a major incident, such as a data breach. An incident response plan needs to include the contact information for legal and other relevant departments, procedures for assessing the severity of the incident, drafts of notifications to relevant audiences including public relations and law enforcement if applicable, and steps to close the incident.