Any recommendations for an Incident Response Policy and Procedures template?
I'm building a cyber program from scratch.
Any guidance is appreciated.
NIST, SANS, all have rather comprehensive documentation and templates on IRT.
Also check out ITIL Service Operation, on incident management, a fairly concise guideline on the incident and response process, including a good diagram of the flow.
As stated by others, the NIST Special Publication 800-61 Revision 2 is a good starting point. You can find it here: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
If you have any workloads in the cloud you will need to adapt to account for any shared responsibilities/CSP requirements.
An alternative you could look at is ISO 27035, as a top level approach. It'll also make sense to outline a playbook for each general type of incident.
You'll need to determine if you can have a permanent CSIRT or if you'll need to pull together a virtual CSIRT at the point of detecting a major incident. This will probably depend on your organisation's business and its resource budget. A vCSIRT can work, but can also be problematic, as getting the time to train and rehearse when there is actually an incident can be a tough ask with the members' line management. A common solution is to have first call on staff from your SOC or pay a retainer to a third party for first responders.