Incident Response Plan (314.4(h))

The FTC standards require entities that handle consumer credit-report information to adopt a written incident response plan that outlines steps for identifying, containing, and mitigating a breach of customer data. The plan must designate a response team, establish reporting timelines to the FTC and affected individuals, and include procedures for documenting the incident and preventing future occurrences.