
Handoff package

Definition

The bundle of information an analyst prepares before transferring an incident to a higher tier. Contents include incident ID, timeline, severity, containment actions taken, evidence collected, affected assets, and running SLA timers. Incomplete handoffs force the receiving analyst to reconstruct context already captured.

Related terms

Contact tree
A structured list of individuals and teams to notify during an incident, showing the order of contact and the conditions under which...
Escalation criteria
The documented conditions that require an analyst to transfer an incident to a higher tier or to external stakeholders. Examples include: severity...
P1/P2/P3/P4 severity tiers
A common four-level severity classification used in SLA structures. P1 (Critical) carries the shortest time windows; P4 (Low) carries the longest. The...
Service-level agreement (SLA)
A policy or contractual commitment defining how quickly the SOC must perform specific actions (acknowledge, escalate, contain, resolve) for incidents of each...
SLA breach
An instance where a required action was not completed before its SLA timer expired. Each breach is recorded against the incident ticket...

Explained in

  • Escalation Procedures and SLA Management
