SOC 2 Type II Audit Preparation Guide

Page 26

SOC 2 Type II Audit Preparation Guide — Incident Response. Trust Services Criterion CC7.3 requires that the entity detects, reports, and acts upon security incidents in a timely manner. The company's incident response plan defines four severity levels: Severity-1 (critical data breach or system-wide outage), Severity-2 (partial service degradation or suspected breach), Severity-3 (minor security event with no customer impact), and Severity-4 (informational security observation). The detection-to-triage SLA is 15 minutes for all severity levels, achieved through automated alerting from the SIEM platform. Severity-1 incidents require escalation to the Chief Information Security Officer within 1 hour and notification to affected customers within 48 hours, per contractual and regulatory obligations. Root cause analysis must be completed within 72 hours of incident resolution. A post-incident review meeting is held within 5 business days, and the resulting report is shared with the executive team and the external auditor. All incidents are logged in the GRC platform with complete audit trails, including timeline, actions taken, evidence collected, and lessons learned.

Intelligence

Title: SOC 2 Type II Audit Preparation Guide
Type: PDF
Pages: 38
Words: 28,600
Collection: Compliance
Chunks: 76
Embedding model: text-embedding-3-large
Total queries: 65
Uploaded: Jan 5
Last queried: 1d ago