Print this. Fill it in before you need it. Keep a copy off-site.

Template 1: Emergency Contact Sheet
Complete this section now. Store a physical copy in a secure but accessible location.
IT Provider / MSP Name | ________________
IT Emergency Phone | ________________
IT Emergency Email | ________________
Cyber Insurance Carrier | ________________
Cyber Insurance Policy # | ________________
Cyber Insurance Emergency Line | ________________
Outside Legal Counsel (Breach) | ________________
Breach Counsel Phone | ________________
FBI Phoenix Field Office | ________________
Preferred Forensics Firm | ________________
Forensics Contact / Phone | ________________
Offsite Backup Location | ________________
Backup Access Instructions (stored separately in vault) | ________________
Azure / Microsoft Admin Portal Login | ________________
Google Workspace Admin Login | ________________
Domain Registrar / DNS Provider | ________________
Internet Provider Account # | ________________
Firewall Admin Credentials (stored separately in vault) | ________________
FBI Phoenix Field Office: (623) 466-1999 | IC3 Online Reporting: ic3.gov
Template 2: Incident Log
Use this log to document every action taken during an active incident. Timestamps matter for insurance claims, forensics, and legal compliance.
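Date/Time | Who | Action Taken / Observation
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________
________________ | ________________ | ________________________________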
Continue on additional pages as needed. Every action, every call, every decision — logged with name and timestamp.
Template 3: Scope Assessment Worksheet
Complete as quickly as possible — ideally within the first 2 hours of an incident.
Incident detection date/time | ________________
Who detected it / how | ________________
Systems confirmed affected | ________________
Systems suspected affected | ________________
Systems confirmed clean and isolated | ________________
Are backups intact? (check from clean device) | ________________
Is the network still actively spreading? | ________________
Is the attacker still present / active? | ________________
What data is in the affected systems? | ________________
Does affected data include personal information? | ________________
Does affected data include client / patient data? | ________________
Does affected data include financial data? | ________________
What ransom amount is demanded (if applicable)? | ________________
What is the attacker's stated deadline (if applicable)? | ________________
Has law enforcement been notified? Date/time: | ________________
Has cyber insurance been notified? Date/time: | ________________
Has legal counsel been engaged? Date/time: | ________________
Template 4: Arizona Breach Notification Checklist
Arizona ARS § 18-552 requires notification of affected individuals within 45 days of discovering a breach of personal information. This checklist guides you through the requirement.
Personal information under Arizona law includes: name + SSN, name + financial account number + access code, name + medical/health insurance information, name + driver’s license or ID number, and username/email + password allowing access to an account.
STEP 1: DETERMINE IF NOTIFICATION IS REQUIRED
☐ Identify the categories of data in the affected systems
☐ Determine whether any “personal information” as defined by ARS § 18-552 was involved
☐ Assess whether there is a reasonable belief unauthorized access occurred (not just encryption)
☐ Consult breach counsel before determining no notification is required
Notification determination date: ________________ Made by: ________________
STEP 2: IDENTIFY AFFECTED INDIVIDUALS
☐ Generate a list of individuals whose personal information was in the affected systems
☐ Obtain mailing addresses for all affected individuals
☐ If 1,000+ individuals: prepare to notify the three largest consumer reporting agencies
☐ If a significant number of Arizona residents: consult whether AG notification is appropriate
Number of affected individuals: ________________
STEP 3: DRAFT NOTIFICATION LETTER
Required content under ARS § 18-552:
• Description of what happened
• Type of personal information that was or may have been involved
• What the company is doing to investigate and address the breach
• What affected individuals can do to protect themselves
• Contact information for the notifying company
Use Template 4A (next page) as your draft notification letter.
STEP 4: DELIVER NOTIFICATION
☐ Method of notification: written (mail) or electronic if prior consent obtained
☐ Substitute notice (conspicuous website posting) only if cost exceeds $250,000 or 500,000+ individuals
☐ Send notification no later than 45 days from discovery date
☐ Document all notifications sent: method, date, recipient count
Notification sent date: ________________ Recipient count: ________________
Template 4A: Breach Notification Letter (Arizona)
[DATE]
Dear [NAME],
We are writing to inform you of a security incident that may have involved your personal information.
[WHAT HAPPENED]: On or around [DATE], we discovered that [DESCRIBE INCIDENT — e.g., our systems were accessed without authorization / our data was affected by a ransomware attack].
[INFORMATION INVOLVED]: The personal information that may have been involved includes: [LIST SPECIFIC CATEGORIES — e.g., name, Social Security number, financial account information].
[WHAT WE ARE DOING]: Upon discovering this incident, we immediately [DESCRIBE RESPONSE ACTIONS]. We have engaged [FORENSICS FIRM] to investigate and [IT MEASURES TAKEN]. We are also notifying law enforcement.
[WHAT YOU CAN DO]: We recommend that you: (1) Place a fraud alert with one of the three major credit bureaus; (2) Review your credit reports for unauthorized activity; (3) Monitor your financial accounts for suspicious transactions; (4) Consider placing a credit freeze on your credit file.
We take the security of your information seriously and sincerely apologize for any concern this may cause. For questions, please contact us at [CONTACT INFORMATION].
Sincerely,
[NAME / TITLE]
[COMPANY NAME]
Template 5: Post-Incident Review
Complete within 30 days of incident resolution. This document is essential for insurance reporting and for preventing recurrence.
Incident summary (one paragraph) | ________________
Root cause (how attacker gained initial access) | ________________
How long attacker was present before detection | ________________
What systems / data were affected | ________________
Total estimated financial impact | ________________
Insurance claim filed? Claim # | ________________
Law enforcement case number (if applicable) | ________________
Control failures that enabled the attack | ________________
Controls that limited the damage | ________________
What we are doing differently (specific changes) | ________________
New controls to be implemented (with deadlines) | ________________
Training updates required | ________________
Vendor / partner notifications made | ________________
Client / patient notifications made | ________________
Review completed by / date | ________________
AEGITz clients receive a pre-populated version of this template pack specific to their environment — with actual contact information, system inventory, and documented procedures. Ask about our SENTINEL and FORTRESS service tiers.


