Incident response plan

To build an Incident Response Plan you should consider the following information:
- Name, job title and contact information of personnel required to handle specific incidents (e.g., system/network administrator for IT-related incidents, facilities manager for premises related incidents, etc.).
- Which external parties should be contacted (e.g., customers, partners, media, public services/authorities, etc.), in which situation, through which communication channel (e.g., by phone, e-mail, press conference, etc.) and by whom.
- Types of incidents that should be handled by the plan (e.g., fire, premises evacuation, service failure, etc.)
- Details on how to treat each of the identified incident (e.g., for fire, summon the fire brigade, start premise evacuation, call fire department, etc.)

To see how an incident response plan looks like, please see this free demo: 
- Incident Response Plan https://advisera.com/27001academy/documentation/incident-response-plan/

These articles will provide you further explanation about incident management and response plan:
- How to handle incidents according to ISO 27001 A.16 https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/
- How to write business continuity plans? https://advisera.com/27001academy/blog/2010/04/08/how-to-write-business-continuity-plans/

These materials will also help you regarding incident management and response plan:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Writing a business continuity plan according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/writing-a-business-continuity-plan-according-to-iso-22301-free-webinar-on-demand/