
Security Incident Response Plan & Testing

Two of our most popular privacy and security consulting engagements are Security Incident Response Plan Development & Testing and Security Risk Analysis. The steady rise of cyberattacks raises the bar for information security, and an incident response plan (IRP) is a requirement of both ISO 27001 certification and the HIPAA Security Rule. That means you need to know who to call, email and notify when a breach occurs, without delay!

Give yourself a quick “Security IRP Evaluation”: When was the last time you tested your security incident response plan? 

  1. Within the past six months. Congratulations. You’re well ahead of 80% of your colleagues.
  2. Within the past year. You’re still ahead of about 50% of your colleagues, but schedule your next test now.
  3. Never, I don’t have one, or I don’t know. You’re out of compliance and ripe for a data breach disaster. (Think headlines: Ransomware, lost laptop, phishing scam.)

Apgar & Associates Develops & Tests Your Security Incident Response Plan (IRP)

A security incident is not necessarily the same as a data breach. While incidents need to be assessed and risks mitigated, not every incident needs to be reported. Breaches of PHI, PII and cardholder data must each be assessed, and each requires different response steps. We ensure that your IRP reflects what to do when each occurs. Developing the IRP includes:

  • Determining executive sponsorship
  • Defining cross organizational goals
  • Defining IRP scope
  • Cross-functional resource commitments
  • Plan ownership & team leadership
  • Roles & responsibilities of stakeholders

Apgar & Associates develops the plan and takes your Security Incident Response Team through each step so you know how to properly respond to security incidents and data breaches. We use and recommend the “PERFCIF” Model, developed by the SANS Institute:

  • Prepare
  • Identify
  • Contain
  • Eradicate
  • Recover
  • Follow-up

Remember that IRPs rely on key individuals responding the right way every time. Once we help you get your IRP in place, you’ll need to review, test and train your response team members at least annually. You’ll also want to review the IRP every time there’s an incident. Get started today with a call to the privacy and security specialists at Apgar & Associates: 877-376-1981.


"Simply, Chris is one of the country's top, most trusted, reliable and knowledgeable privacy and security compliance experts. He's also worked on multiple audio conferences and webinars with me for HCPro and consistently earns high praise from listeners in post-show surveys."

Dom Nicastro

Mailing & Office Address

Apgar and Associates, LLC
P.O. Box 80278
Portland, OR 97280
p 503-384-2538
p 877-376-1981




7100 SW Hampton St.
Suite 137
Tigard, OR 97223