Incident Response Plan (IRP) and the business continuity plan (BCE) documents are two key BCEM documents. The IRP includes containment, mitigation, communication, eradication (malware events), and after action improvement activities. The BCP includes all documentation necessary to mitigate business impact and to recover broken processes. In the next article, I step through building an IRP, assembling a response team, team training, and plan testing and improvement. The combination of the IRP and the BCP should result in minimal business impact, process recovery within MTDs, and a final review of root causes as well as how the teams might do better next time.”]