The purpose of this cyber incident response action plan (”IRAP”) is to provide a structured and systematic incident response process for all information security incidents (as defined in Section 4, Definitions) that affect any of the UCR Plan’s1 information technology (”IT”) systems, network, or data, including the UCR Plan’s data held or IT services provided by third- party vendors or other service providers.