Incident Response Policy and Procedures | IR-1

Incident Response Policy

MCC recognizes that information security incident response policies and procedures are vital to reducing information security risks.

Purpose

The Incident Response Policy and associated controls describe the requirements for responding to and minimizing the impact of an information security incident impacting MCC.

Scope and Roles

This policy applies to information resources owned or managed by MCC. The intended audience includes the Cybersecurity Manager, Information Resource Owners, and Custodians.

Compliance

Incident Response controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code §202.76, §202.73.

Implementation

Prioritization of information security incidents will be based on the criticality of impacted resources, current and potential impact (e.g. unauthorized discloser of confidential information, access to services, loss of revenue, and potential to spread to other information resources).

The Cybersecurity Manager or their designee is responsible for: 

  • ensuring that this policy and supporting procedures are periodically reviewed and updated.

Last updated: 5/13/2026

Contact Hours or Questions?

Information on Tech Support