← Get Audit Ready • ↑ Documents

<aside> 🚨

Goal: Show your team practices incident response and identifies improvements before a real incident.

</aside>

What the auditor wants

• Evidence the team is trained and familiar with the incident response playbook.
• Documentation of who attended and what gaps or action items were identified.

How to clear this task

<aside> 📝

Option A: Use the built-in form

• Click + New Submission to launch the exercise documentation form.
• Capture:
  • Basics: date, facilitator, and scenario type (for example, Data Breach, Ransomware, Insider Threat)
  • Scenario description: timeline, affected systems, and threat vector
  • Session notes: key discussion points (Detection, Containment, Communication, Recovery)
  • Supporting evidence (optional): slides or agendas
  • Attendees: names, roles, and departments
  • After-action report: findings, improvement actions, owner, and due date
• Click Review when finished. </aside>

<aside> 📎

Option B: Upload an existing write-up

• If you already ran an exercise and have a PDF report, click Upload Evidence and attach it. </aside>

<aside> 👤

Solo founders

Run a “mental simulation” and use the form to document steps and gaps (for example, backup keys, emergency contacts, account recovery).

</aside>