Can your board show who decided what during the first hours of a cyber incident?
Cyber incidents expose ordinary governance gaps fast: who declares the incident, who commands the response, when the board is notified, who approves external communications, and how each decision is recorded.
The Cyber Incident Response Plan gives boards and executives a clear structure for incident authority, board notification, evidence records and recovery oversight before response choices narrow.
Informed by ISO 27035, ACSC guidance, ASIC cyber resilience expectations and Australian board governance practice.
Real-World Triggers
Cyber incident response becomes a board question when someone outside the organisation asks for evidence:
- an insurer asks how the CIRP has been reviewed and tested
- a regulator, funder, lender or major client asks how cyber incidents are escalated
- a ransomware, extortion or vendor incident creates a notification decision
- due diligence exposes gaps in incident authority and recovery planning
- a new Chair, ARC Chair, CEO, CFO or Company Secretary asks who owns the response
- management says the IT provider or cyber insurer "has this covered", and no one can explain the board's role
- the current CIRP exists, but board notification, executive authority and incident records are unclear
The CIRP gives the board and executive team a clear response structure before authority, notification and evidence decisions need to be made live.
What This Solves
Cyber incident response breaks down when authority is assumed instead of defined.
The practical problems are:
- no agreed trigger for declaring a cyber incident
- unclear authority between the Incident Lead, CEO, executives, legal, communications and the board
- board notification thresholds that rely on judgement rather than an approved escalation structure
- notification pathways to OAIC, ASIC, APRA, ACSC, insurers and contracted parties handled ad hoc
- public, client or regulator communications prepared without a clear approval chain
- incident decisions reconstructed later from emails, memory and Teams messages
- cyber response sitting apart from the Risk Appetite Statement, Delegation of Authority, BCP and DRP
The CIRP makes command authority, board oversight, notification pathways and incident records explicit, so management can act and the board can govern at the right level.
Comparison
| Feature / Domain | |||
|---|---|---|---|
| Behavioural governance | |||
| Board / executive role clarity | |||
| Incident authority and escalation | |||
| Notification and disclosure | |||
| Board reporting | |||
| Decision record quality | |||
| Designed for | Identify the gaps | Credible continuity starting point | Organisations needing detailed authority, escalation, notification, communications, evidence and board reporting |
What Version Does Your Board Need?
| Situation | Recommended Tier |
|---|---|
| We want to see whether our cyber incident response plan has gaps | Board readiness diagnostic |
| We want to start a board conversation about cyber incident governance | Essential Snapshot |
| Our cyber incident response plan is outdated or inconsistent. We need a credible, board-ready structure. | Foundation Edition |
| We need a detailed framework for authority, escalation, notification, communications, evidence and board reporting | Governance Edition |
| For organisations operating under the highest levels of accountability. | Institutional Edition |
How to Engage With NorthSeat
Step 1 - Assess Your Governance
Board Readiness Diagnostic – $649 ex GST
Pressure test your cyber governance.
Download the Essential Snapshot
Free download. The most common tension points.
Step 2 - Choose Your Framework
Foundation Edition – $4,950 ex GST
A board-ready CIRP framework for organisations that need a credible baseline structure for roles, escalation, response stages, notification and board reporting.
Governance Edition – $21,800 ex GST
A detailed CIRP framework for organisations that need command authority, escalation logic, notification discipline, communication control, evidence records and board oversight pathways.
Institutional Edition – Contact Us
Built for the most complex boards.