The incident response plan is a standalone Module 9 artefact containing the complete AI-specific incident response procedure. It includes the AI-specific incident category definitions (model performance degradation, fairness drift, data poisoning, adversarial exploitation, privacy breach, human oversight failure), the detection mechanisms for each category, the severity classification matrix, and the response procedures.

The multi-regime decision tree is embedded in the plan, providing the triage team with a step-by-step process for determining which reporting obligations apply. The plan includes the pre-drafted reporting templates, the evidence preservation procedure, the role assignments with named alternates, and the escalation paths.

The plan is tested through tabletop exercises annually and live simulation exercises biannually. Exercise results, including identified weaknesses and improvement actions, are appended to the plan’s revision history. The plan is retained for the ten-year period.

Key outputs

• Complete AI-specific incident response plan
• Multi-regime decision tree and pre-drafted templates
• Annual tabletop and biannual live simulation testing
• Module 9 AISDP evidence