Frequently Asked Questions
Everything you need to know about IRPForge and incident response plans for nonprofits.
- 1. What is an incident response plan?
- An incident response plan (IRP) is a documented set of procedures that defines how your organization detects, responds to, and recovers from a cyber incident. It specifies who does what, in what order, and how decisions are made under pressure. A written IRP is the foundation of organizational cybersecurity preparedness.
- 2. Does my nonprofit need an incident response plan?
- If your organization holds donor data, client records, employee files, or any sensitive information, you need a documented plan for what happens when a breach occurs. Board requirements, funder requirements, and cyber insurance policies increasingly require one. State breach notification laws make one essential. An organization without a plan pays more — in recovery time, breach costs, and credibility.
- 3. What should a nonprofit incident response plan include?
- A complete nonprofit incident response plan should include: defined roles and responsibilities; incident classification criteria; detection and reporting procedures; containment and eradication steps; recovery procedures; notification timelines and contacts for regulators, insurers, and affected individuals; a documentation and evidence log; and a post-incident review process. IRPForge generates all of these in a single output.
- 4. How long does it take to create an incident response plan with IRPForge?
- Most users complete the intake form in 10-20 minutes. The system generates your plan immediately after submission. Download is available within minutes of completing the form.
- 5. What does IRPForge cost?
- IRPForge offers four tiers. The Free tier delivers a sample plan through nonprofitirp.com — no account required. Starter is $199 one-time and generates your complete, branded incident response plan as a PDF. Professional ($399/year) and Organization ($799/year) are coming soon — they add editable Word document output, annual regeneration, and additional tools including a Tabletop Exercise Generator and After Action Report Generator. Starter customers will receive 50% off their first year of Professional when it launches.
- 6. What is the difference between PDF and Word document output?
- Starter produces a branded PDF — professional, audit-ready, and immediately shareable with your board, funders, or insurer. Professional and Organization produce editable Word documents, which allow your team to modify sections directly, your legal counsel to redline language, and your staff to update contacts without needing to regenerate. Word document output is coming with the Professional tier.
- 7. Does IRPForge create a compliance-certified plan?
- No. IRPForge generates a structured incident response plan based on CIS Controls v8 and the NIST Cybersecurity Framework — publicly available best-practice standards. Whether the plan satisfies any specific legal, regulatory, or insurance requirement is a determination for qualified legal counsel. IRPForge does not provide legal advice and does not certify compliance with any law or regulation.
- 8. What's the difference between IRPForge and a tabletop exercise?
- A tabletop exercise is a facilitated, interactive simulation where your team walks through a fictional incident scenario in real time — typically led by an outside security consultant at a cost of $5,000-$35,000. IRPForge generates the written plan that a tabletop exercise would test. The two serve different purposes: the plan documents your procedures; the exercise tests them. IRPForge is not equivalent to a tabletop exercise and does not replace one.
- 9. What happens to my data after I submit the intake form?
- Data submitted through the IRPForge intake form is used solely to generate your incident response plan. IRPForge does not sell your data. We do not share it with third parties for marketing purposes. See the full Privacy Policy at nonprofitirp.com/privacy and the Terms of Service at irpforge.com/terms.
Built on CIS Controls v8 and the NIST Cybersecurity Framework — publicly available standards, not certified or endorsed by NIST or CIS.
Still have questions? Download a sample plan to see the output firsthand.