Playbook
Incident Response Runbook
Security
6 min read
The 5 phases
- Detect
- Contain
- Eradicate
- Recover
- Learn (blameless postmortem within 5 business days)
The one-page format
Roles: incident commander, comms lead, tech lead, legal contact. Contact tree with backups. Regulator notification thresholds (GDPR 72 hours, CCPA 45 days).
Rehearsal cadence
Tabletop every quarter. Full simulation annually.
Newsletter
The Operator Memo
Bi-weekly notes on fractional hiring and executive playbooks.
No spam · Unsubscribe anytime