We have a full incident response from our outsourced IT as to what their process would be in different scenarios (ransomware, inability to access Office 365, etc) but are now putting together our side of the incident response (internal comms etc). We are having discussions internally as to how much detail and how prescriptive this part should be.
Do others include prescriptive details (e.g. A will do B using C by D) or is it more general (e.g. the Charity will do X, Y and Z)? or something different?