#### 30CJ Incident response plan (1) An incident response plan is a written plan: (a) that applies to an entity that is the responsible entity for a system of national significance; and (b) that relates to the system; and (c) that relates to cyber security incidents; and (d) the purpose of which is to plan for responding to cyber security incidents that could have a relevant impact on the system; and (e) that complies with such requirements (if any) as are specified in the rules. (2) Requirements specified under paragraph (1)(e): (a) may be of general application; or (b) may relate to one or more specified systems of national significance; or (c) may relate to one or more specified types of cyber security incidents. > Note: For specification by class, see subsection 13(3) of the Legislation Act 2003. (3) Subsection (2) of this section does not, by implication, limit subsection 33(3A) of the Acts Interpretation Act 1901.

Previous section30CHCopy of incident response plan must be given to the Secretary Next section30CKVariation of incident response plan