Greg Du-feu’s guide to incident response plans for fabricators

Greg Du-feu

In the next article in our series, Greg Du-feu, Managing Director of Dufeu IT, gives businesses 10 steps to build an incident response plan that actually works and helps protect the business.

Imagine this: It’s Monday morning. The factory is running, installers are loading vans, and suddenly your ERP system freezes. Moments later, a message appears on screen: “Your files have been encrypted.”

Phones ring. Orders stop. Staff panic.

What happens next?

If you don’t have an Incident Response Plan (IRP), the answer is chaos. If you do, it’s control.

Here’s how glazing fabricators can build a 10-step incident response plan that keeps operations moving when everything else goes wrong.

Step 1: Build a Response Team

Your response team should include:

  • IT lead or external provider (such as Dufeu IT)
  • Operations Manager (production continuity)
  • Finance Lead (accounting & supplier communication)
  • Director/Owner (decision-making & PR)

Everyone needs to know their role before an incident happens.

Step 2: Define What Counts as an Incident

Don’t wait for a ransomware note to act. Define categories of incidents in advance:

  • Phishing or email compromise
  • Malware detection
  • System outage
  • Data breach or financial fraud

Step 3: Create an Incident Response Policy

This document outlines your chain of command, escalation process, and authority levels. It prevents confusion when stress levels are high.

Step 4: Establish Communication Channels

When systems are down, how will you talk to your team and suppliers?

  • Agree on secondary email addresses or messaging apps.
  • Have pre-written communication templates for staff, customers, and partners.

Step 5: Classify Incidents by Severity

Minor incidents (e.g., a phishing attempt) might require IT to investigate. Major ones (e.g., ransomware) demand immediate escalation and external support.

Step 6: Document Containment, Eradication & Recovery Procedures

Create checklists for isolating infected systems, resetting passwords, and restoring data.

Example:

  • Disconnect affected PCs.
  • Disable remote access.
  • Restore clean backups.
  • Verify security patches.

Step 7: Link to Your Business Continuity Plan

Your IRP should feed directly into your Business Continuity Plan (BCP). While IT restores systems, your staff need alternate workflows to keep operations running.

Step 8: Comply with Legal Obligations

Under GDPR, you must report data breaches to the ICO within 72 hours. Knowing these requirements avoids fines and ensures transparency.

Step 9: Test the Plan Regularly

Conduct tabletop exercises twice a year. Simulate an attack and see how your team responds. The goal isn’t perfection—it’s preparation.

Step 10: Learn and Improve

Every incident is a learning opportunity. After resolving one, hold a debrief. Update your plan based on what worked and what didn’t.

Real-World Example

A fabricator in the North West experienced a ransomware incident in 2023. Because they had a tested plan, they isolated the infection within an hour and restored ERP access in 48 hours.

A competitor without a plan took over two weeks to recover. That’s the difference between a brief disruption and a business crisis.

Final Word

An incident response plan isn’t paperwork—it’s insurance. It’s what stands between a temporary setback and a catastrophic failure.

Want help building one that fits your business? Follow Dufeu IT on LinkedIn, connect with me personally, or visit dufeu-it.co.uk/contact to start the conversation.