AI Incident Response Playbook Guide
AI-specific incident types, severity, playbooks for injection and agent runaway, and evidence preservation.
AI Security Incident Response Playbook
AI-specific incident types, severity, playbooks for injection and agent runaway, and evidence preservation.
How to Fill Out This AI Security Incident Response Playbook
AI security incident response playbook template — Extends COR-007 — log AI incidents in SOC-013 and new risks in AI-014b after post-incident review.
Recommended Owner: Security Lead | Legal for notification sections
Before you start
Getting Started
- Enable Editing: Click Enable Editing in Word when prompted.
- Replace brackets: Search for [Bold Brackets] and fill every placeholder with real names, tools, and dates.
- Delete what does not apply: Shorter accurate text beats generic boilerplate auditors cannot test.
- Cross-check Phase 1: Names and scope should match SOC-002, SOC-004, and COR-001 where referenced.
Toolkit links
Related templates in your kit
Keep these companion documents consistent (same owners, dates, and vendor names):
- COR-007
- SOC-013
- AI-014b
- AI-010
Quality check
Before You Finalize
- Every [bracket] placeholder is replaced or marked N/A with a short reason.
- Roles and tool names match COR-005 org chart and SOC-004 system description.
- Review and Approval section is signed with name, title, and date.
Evidence
Where to Store It
- Store the completed file in your compliance evidence folder (signed PDF for policies).
- Register the document in COR-013 Document Control Log with version and review date.
- Link to the record in your SOC-005 project plan or evidence index when ready.