ISO27001 Compliant Incident Response Plan Generator
Generate a comprehensive, audit-ready incident response plan aligned with ISO27001 Annex A.16 and industry best practices.
You are an elite ISO27001 Lead Implementer and cybersecurity incident response expert with 15+ years of experience building enterprise-grade security frameworks. Create a comprehensive, audit-ready **ISO27001 Information Security Incident Response Plan (IRP)** for the following organization:

**ORGANIZATION CONTEXT:**
- Organization Name: [ORGANIZATION_NAME]
- Industry Sector: [INDUSTRY]
- Organization Size: [COMPANY_SIZE]
- Critical Assets/Systems: [CRITICAL_ASSETS]
- Current Security Maturity Level: [SECURITY_MATURITY]
- Applicable Regulations: [REGULATORY_FRAMEWORKS]
- Existing IR Team Structure: [TEAM_STRUCTURE]
- Geographical Scope: [GEOGRAPHIC_SCOPE]

**REQUIREMENTS:**
Generate a complete IRP document structured according to ISO27001:2022 Annex A.5.24-A.5.28 (Information Security Incident Management) and ISO/IEC 27035 guidelines. Include:

1. **GOVERNANCE & POLICY FRAMEWORK**
   - Executive summary and scope
   - Policy statement aligned with A.5.24 (Planning and Preparation)
   - Definitions of security incidents vs. events vs. breaches
   - Legal and regulatory notification obligations (GDPR, NIS2, etc.)

2. **INCIDENT RESPONSE TEAM (IRT) STRUCTURE**
   - Detailed RACI matrix for [TEAM_STRUCTURE]
   - Roles: Incident Commander, Technical Leads, Communications Officer, Legal Counsel, HR Liaison
   - Escalation paths and decision authority matrix
   - 24/7 contact rotation procedures

3. **INCIDENT LIFECYCLE PROCEDURES** (A.5.25-A.5.26)
   - **Detection & Reporting**: Monitoring sources, triage criteria, initial assessment SLAs (1 hour, 4 hour, 24 hour rules)
   - **Assessment & Classification**: Severity levels (P1-Critical to P4-Low), impact assessment matrix, classification criteria specific to [INDUSTRY]
   - **Containment**: Short-term vs. long-term containment strategies for [CRITICAL_ASSETS]
   - **Eradication**: Root cause analysis methodology, malware removal procedures, vulnerability remediation
   - **Recovery**: System restoration priorities, validation testing, return-to-production criteria
   - **Post-Incident**: Evidence preservation (chain of custody), forensic investigation procedures

4. **COMMUNICATION MANAGEMENT** (A.5.27)
   - Internal communication tree (executive briefing templates)
   - External stakeholder notification templates (customers, regulators, media)
   - Regulatory breach notification timelines based on [REGULATORY_FRAMEWORKS]
   - Law enforcement engagement protocols

5. **TECHNICAL PROCEDURES**
   - Evidence collection and forensics preservation procedures
   - Log retention requirements (specific to [COMPANY_SIZE] infrastructure)
   - Malware/ransomware specific playbooks
   - Insider threat response protocols
   - Supply chain/third-party incident coordination

6. **CONTINUOUS IMPROVEMENT** (A.5.28)
   - Post-Incident Review (PIR) methodology
   - Metrics and KPIs (MTTD, MTTR, MTTC)
   - Corrective action tracking
   - Annual testing requirements (tabletop exercises, red team validation)

7. **APPENDICES**
   - Incident classification decision tree
   - Contact directory template
   - Regulatory notification matrix
   - Forensic evidence handling checklist
   - Media response holding statements

**FORMATTING REQUIREMENTS:**
- Use professional cybersecurity documentation standards
- Include [BRACKETS] for organization-specific insertions
- Add implementation notes for [SECURITY_MATURITY] level
- Ensure compliance with [REGULATORY_FRAMEWORKS]
- Include risk-based prioritization for [CRITICAL_ASSETS]
- Structure with clear version control and document classification markings

**QUALITY CONSTRAINTS:**
- All procedures must be actionable and specific (not generic)
- Include specific timeframes for each response phase
- Address human factors (stress management, decision fatigue)
- Ensure GDPR Article 33/34 breach notification workflows if applicable
- Include business continuity integration points

Generate the complete plan now, ensuring it would pass an ISO27001 Stage 2 audit and be immediately usable by the organization's security team.
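The initial-assessment SLAs, severity levels, MTTD/MTTR/MTTC metrics and GDPR Article 33 timeline that the prompt asks the plan to define, worked as an added Python example that is not part of the prompt or of any generated plan: the mapping of P1-P4 onto the 1h/4h/24h rules, measuring the 72-hour Article 33 window from the detection timestamp, and the sample incident records are all assumptions made for the example.

```python
# Added example, not part of the prompt; the SLA mapping and sample records below are constructed assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

H = timedelta(hours=1)
# Assumed mapping of the plan's severity levels onto the 1h / 4h / 24h initial-assessment rules.
ASSESSMENT_SLA = {"P1": 1 * H, "P2": 4 * H, "P3": 24 * H, "P4": 24 * H}
GDPR_ART33_WINDOW = 72 * H  # notify the supervisory authority within 72h of becoming aware

@dataclass
class Incident:
    ident: str
    severity: str
    occurred: datetime                 # compromise start, established by forensics
    detected: datetime                 # monitoring alert raised; treated as "awareness" for GDPR
    assessed: datetime                 # triage and severity classification complete
    contained: datetime
    recovered: datetime
    personal_data: bool = False
    regulator_notified: Optional[datetime] = None

def kpis(incidents):
    """Mean time to detect / contain / recover, in hours, across the given incidents."""
    avg = lambda tds: sum(td.total_seconds() for td in tds) / len(incidents) / 3600
    return {"MTTD": avg(i.detected - i.occurred for i in incidents),
            "MTTC": avg(i.contained - i.detected for i in incidents),
            "MTTR": avg(i.recovered - i.detected for i in incidents)}

def sla_findings(inc):
    """Return the SLA breaches for one incident; an empty list means it is compliant."""
    out = []
    if inc.assessed - inc.detected > ASSESSMENT_SLA[inc.severity]:
        out.append(f"{inc.ident}: {inc.severity} initial assessment exceeded SLA")
    if inc.personal_data and inc.regulator_notified is None:
        out.append(f"{inc.ident}: Article 33 notification not recorded")
    elif inc.personal_data and inc.regulator_notified - inc.detected > GDPR_ART33_WINDOW:
        out.append(f"{inc.ident}: Article 33 notification outside the 72h window")
    return out

T = datetime(2024, 3, 1, 8, 0)  # constructed sample records, not real incidents
SAMPLE = [
    Incident("INC-001", "P1", T, T + 2 * H, T + 2.5 * H, T + 6 * H, T + 30 * H,
             personal_data=True, regulator_notified=T + 50 * H),
    Incident("INC-002", "P3", T, T + 48 * H, T + 80 * H, T + 90 * H, T + 120 * H,
             personal_data=True),
]

if __name__ == "__main__":
    print(kpis(SAMPLE), *[sla_findings(i) or f"{i.ident}: within SLA" for i in SAMPLE], sep="\n")
```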