The organization responds to information spills by:
a. Identifying the specific information involved in the information system contamination;
b. Alerting [Assignment: organization-defined personnel or roles] of the information spill using a method of communication not associated with the spill;
c. Isolating the contaminated information system or system component;
d. Eradicating the information from the contaminated information system or component;
e. Identifying other information systems or system components that may have been subsequently contaminated; and
f. Performing other [Assignment: organization-defined actions].
