0โ1 hr
Contain the breach
โDisconnect affected systems from the network
โChange all administrator passwords immediately
โPreserve logs โ do not delete anything
โDocument everything with timestamps
1โ4 hrs
Assess the damage
โIdentify what data was accessed or exfiltrated
โDetermine how the attacker got in
โIdentify all affected systems and accounts
โContact your cyber insurance provider
4โ24 hrs
Notify stakeholders
โContact your legal counsel
โBrief your leadership team
โPrepare customer notification if personal data was involved
โEngage an incident response firm if needed
24โ72 hrs
Regulatory notification
โReport to the Office of the Privacy Commissioner if PIPEDA applies
โReport to the CAI if Quebec Law 25 applies
โNotify affected individuals if there is real risk of significant harm
โDocument all notifications with timestamps