Free template
Incident Communications Plan Template
Keep incident updates consistent, timely, and approved with a clear Incident Communications Plan Template.
Downloaded 3441 times
Download template
Incident Communications Plan Template
This Incident Communications Plan (the “Plan”) is maintained by [Company Name] and is effective as of [Effective Date].
1. Purpose
1.1 Purpose. This Plan defines how [Company Name] will communicate during security incidents to provide accurate updates, protect sensitive information, and meet contractual and legal obligations.
1.2 Scope. This Plan applies to suspected or confirmed incidents involving: ☐ Security ☐ Privacy ☐ Availability/Outage ☐ Fraud ☐ Other: [Define].
2. Communication Goals
2.1 Accuracy First. Share verified information and clearly label unknowns.
2.2 Speed with Control. Provide timely updates using approved channels and an approval workflow.
2.3 Consistency. Ensure all messages align to a single source of truth.
2.4 Confidentiality. Limit operational details that could increase risk or harm investigations.
2.5 Empathy and Clarity. Use plain language and clear next steps for affected audiences.
3. Roles and Responsibilities
3.1 Incident Commander. Owns operational facts, timeline, and response coordination: [Name/Role].
3.2 Communications Lead. Owns messaging, cadence, and channel execution: [Name/Role].
3.3 Legal Counsel. Reviews external communications and notification obligations: [Name/Role].
3.4 Privacy Officer (Optional). Advises on personal data and breach determinations: [Name/Role].
3.5 Executive Sponsor. Approves major external statements and strategic decisions: [Name/Role].
3.6 Customer Support Lead. Prepares support macros, escalation paths, and frontline responses: [Name/Role].
3.7 HR Lead (If Employee Impact). Coordinates employee messaging: [Name/Role].
4. Communication Channels
4.1 Internal Channels.
Incident channel (chat): [Slack/Teams channel]
Email distribution list: [List]
War-room bridge: [Phone/Zoom link]
Incident tracker: [Jira/ServiceNow link]
4.2 External Channels.Customer email notifications
Status page: [URL or platform]
Customer portal announcements
Support ticket responses
Press statement / media outreach (if needed)
Regulator submissions (if required)
5. Audiences and Messaging
5.1 Internal Audiences.
Executive team
Security/IT teams
Customer support
Sales/Account managers
All-hands (if needed)
5.2 External Audiences.Impacted customers
All customers (if broad impact)
Vendors/partners
Regulators (if required)
Media/public (if required)
5.3 Message Principles.What happened (high level)
What we are doing
What customers should do (if anything)
What we know vs. what we are investigating
When the next update will be provided
6. Approval Workflow
6.1 Internal Updates. Approved by: ☐ Incident Commander ☐ Security Lead ☐ Other: [Define].
6.2 External Updates. Must be approved by: ☐ Legal ☐ Communications Lead ☐ Executive Sponsor (SEV-1/SEV-2) ☐ Other: [Define].
6.3 No Unauthorized Statements. No employee may make public statements or post incident details externally without written approval.
6.4 Recordkeeping. Store all final messages and drafts in: [Secure location].
7. Update Cadence
7.1 Initial Notification (Internal). Within [] minutes of SEV-1/SEV-2 declaration.
7.2 Executive Updates. Frequency: ☐ Hourly ☐ Every [] hours ☐ Daily.
7.3 Customer Updates. Frequency depends on impact: ☐ Every [] hours ☐ Daily ☐ Milestone-based.
7.4 Status Page Updates. Frequency: [] minutes/hours while active incident.
7.5 All-Clear Notice. Send after confirmed containment and stability: ☐ Yes ☐ No ☐ Case-by-case.
8. Message Templates (Short Form)
8.1 Internal Update Template.
Incident ID: [__]
Severity: [__]
Current status: [Investigating/Identified/Monitoring/Resolved]
Systems impacted: [__]
Customer impact: [Yes/No/Unknown]
Actions taken: [__]
Risks/unknowns: [__]
Next update: [Time]
8.2 Customer Update Template (High-Level).
Summary: [High-level description]
Impact: [What users may experience]
What we’re doing: [Actions]
What you can do: [Steps, if any]
Next update: [Time/date]
Support contact: [Email/Portal]
8.3 Media Holding Statement (Optional).
“We are investigating a security incident. Our team is working to contain it and determine scope. We will provide updates as appropriate.”
9. Coordination With Legal and Privacy
9.1 Breach Determination. Legal/Privacy determines whether incident is a reportable breach and the required timelines.
9.2 Preserve Privilege (Optional). Engage outside counsel as needed to preserve privilege and direct forensics.
9.3 Regulatory Notifications. Prepared by: [Legal/Privacy], submitted by: [Role].
9.4 Contract Notices. Customer contract notice timelines tracked by: [Role/Team].
10. Post-Incident Communications
10.1 Final Customer Summary (If Needed). Provide a wrap-up including what happened, what was impacted, what was done, and preventive steps.
10.2 Internal Debrief. Share lessons learned and process improvements after the incident is closed.
10.3 FAQ Updates. Update support macros and documentation as needed.
11. Recordkeeping
11.1 Communications Log. Maintain a log of: what was sent, to whom, when, and approvals obtained.
11.2 Retention. Retain communications records for: [__] years or per policy.
11.3 Confidentiality. Communications drafts and approvals are confidential and shared on a need-to-know basis.
Signatures
By signing below, the undersigned acknowledge and adopt this Incident Communications Plan.
Communications Owner: [Name]
Title/Role: [Title]
Date: [Date]
Signature: ___________________________
Legal Reviewer (Optional): [Name]
Title/Role: [Title]
Date: [Date]
Signature: ___________________________
Executive Sponsor (Optional): [Name]
Title/Role: [Title]
Date: [Date]
Signature: ___________________________
Flash deal
Flash deal
Today
Today
No time to fill it up? Generate your custom agreement with AI Lawyer in seconds
What’s Included
Legal Research
Legal Research
Legal Research
Contract Drafting
Contract Drafting
Contract Drafting
Document Review
Document Review
Document Review
Risk Analytics
Risk Analytics
Risk Analytics
Citation Verification
Citation Verification
Citation Verification
Easy-to-understand jargon
Easy-to-understand jargon
Easy-to-understand jargon
Details
Learn more about
Incident Communications Plan Template
Click below for detailed info on the template.
For quick answers, scroll below to see the FAQ.
Click below for detailed info on the template.
For quick answers, scroll below to see the FAQ.
INCIDENT COMMUNICATIONS PLAN TEMPLATE FAQ
What is an incident communications plan?
An incident communications plan is an internal document that defines how your organization communicates during a security incident. It sets who can speak externally, what channels to use, how often to send updates, and how messages are approved so teams avoid confusion, leaks, and inconsistent statements.
When should you use an incident communications plan?
Use it when an incident is suspected or confirmed and the response involves multiple teams (security, IT, legal, leadership, support, PR). It’s especially useful when customer impact is possible, systems are down, or the incident may trigger contractual or regulatory notices.
Who owns communications during an incident?
Typically a communications lead (PR/comms) owns messaging and cadence, while legal/privacy approves external statements, and the incident commander ensures updates reflect the latest operational facts. This template lets you assign each role clearly.
What should be included in the plan?
It should include communication goals, audiences (internal teams, customers, regulators, partners), approved channels, update cadence, approval workflow, spokesperson rules, message templates, and a single source of truth for incident facts.
How do you avoid misinformation during an incident?
Use a single source of truth (incident summary), restrict who can post externally, label facts vs. assumptions, and require approvals before sending customer-facing or public messages. Also keep detailed timestamps so you can correct statements quickly if facts change.
What is AI Lawyer?
AI Lawyer is an AI-powered assistant that helps you create and customize legal and business document templates online. It guides you through key sections, suggests wording, and explains complex concepts in simple language. AI Lawyer does not replace a licensed attorney or provide legal advice, but helps you prepare better documents faster and more confidently.
Similar templates
Other templates from
Policy and Compliance Documents
Money back guarantee
Free trial
Cancel anytime
AI Lawyer protects
your rights and wallet
Money back guarantee
Free trial
Cancel anytime
AI Lawyer protects
your rights and wallet
Money back guarantee
Free trial
Cancel anytime
AI Lawyer protects
your rights and wallet
Money back guarantee
Free trial
Cancel anytime