Identifying the specific information involved in the information system contamination;
Alerting [Assignment: organization-defined personnel or roles] of the information spill using a method of communication not associated with the spill;
Isolating the contaminated information system or system component;
Eradicating the information from the contaminated information system or component;
Identifying other information systems or system components that may have been subsequently contaminated; and
Performing other [Assignment: organization-defined actions].