{"id":"055e898a-7ac8-476b-9ab3-8026c6056e59","shortId":"DQMgAM","kind":"skill","title":"pmstudio-irp","tagline":"Generate an Incident Response Plan (IRP) with severity classification, escalation procedures, and communication templates. Use when someone asks to \"create an incident response plan\", \"IRP\", \"incident procedures\", \"escalation matrix\", \"incident playbook\", or needs to document how","description":"# IRP — Incident Response Plan\n\n## Purpose\n\nGenerates an Incident Response Plan specific to the product/platform. Not a generic IT incident template — this plan is scoped to the product, uses its real stakeholders as escalation contacts, and ties severity to its data classification.\n\n## Process\n\n### Step 1: Read Context\n\n**Read all that exist:**\n- `CLAUDE.local.md` — architecture, stakeholders, vendor contacts, data classification\n- `PRD/*.html` or `PRD/*.md` — security section, RBAC, NFRs, integrations\n- `Data/Stakeholder-Directory.*` — escalation contacts with roles and emails\n- `Operational/DR-Plan*.html` — recovery procedures to reference (if exists)\n\n### Step 2: Ask Discovery Questions\n\nOnly ask what can't be inferred:\n\n1. **What constitutes an \"incident\" for this product?** (data breach, service outage, unauthorized access, integration failure, data corruption)\n2. **Who is the Incident Commander?** (default: PM, but confirm)\n3. **Vendor support model?** (SLA response times, escalation contacts, ticket system)\n4. **Legal/privilege considerations?** (e.g., ProductB has legal privilege — incidents may require legal counsel)\n5. **Existing Coco Inc incident process?** (does the team already report through ServiceNow, Slack, etc.)\n\n### Step 3: Generate IRP Document\n\n**Output:** `Operational/IRP-{ProductName}-{Date}.html`\n\nSelf-contained HTML with print-optimized CSS. No CDN dependencies — this document must work offline during an actual incident.\n\n**12 sections:**\n\n**1. Purpose & Scope**\n- Which product/instance this plan covers\n- What qualifies as an incident vs. a support request\n- Relationship to firm-wide incident process\n\n**2. Severity Classification**\n\nBuild product-specific severity matrix. See `references/severity-matrix.md` for the framework.\n\nKey rule: **Data classification drives minimum severity.**\n- Purple Data incident = auto-SEV1\n- Red Data incident = minimum SEV2\n- Yellow/Green = severity based on impact\n\n| Severity | Definition | Response Time | Example |\n|----------|-----------|---------------|---------|\n| SEV1 — Critical | Data breach, complete service outage, legal/regulatory exposure | 15 min | Purple Data accessed by unauthorized user |\n| SEV2 — High | Significant functionality loss, data integrity issue, >50% users affected | 1 hour | Integration failure causing data sync halt |\n| SEV3 — Medium | Partial functionality loss, workaround available, <50% users affected | 4 hours | Single module unavailable, manual process possible |\n| SEV4 — Low | Minor issue, cosmetic, single-user impact | Next business day | Report formatting error, UI glitch |\n\n**3. Detection & Reporting**\n- How incidents are typically detected (user report, monitoring, vendor notification)\n- Reporting channel (email, Slack, ServiceNow ticket)\n- What information to include when reporting\n\n**4. Escalation Matrix**\n- Per-severity: who to contact, in what order, with backup contacts\n- Pull real names and emails from stakeholder directory\n- Include vendor escalation path\n\n**5. Response Procedures**\n- Per-severity playbooks with triage, containment, investigation, resolution steps\n- See `references/escalation-patterns.md` for playbook structure\n\n**6. Communication Protocol**\n- Internal (team Slack/Teams channel)\n- Stakeholder (email using `/stakeholder-comms incident` template)\n- Vendor (support ticket + phone for SEV1-2)\n- Leadership (when to escalate to SteerCo)\n- Per-severity: who communicates what, when, through which channel\n\n**7. Evidence Preservation**\n- What to capture: screenshots, logs, timestamps, affected records\n- Where to store: incident folder in SharePoint, not in the product itself\n- Chain of custody for legal/privilege incidents\n\n**8. Resolution & Recovery**\n- Handoff to DR/Recovery plan (if exists)\n- Verification steps before declaring resolved\n- Service restoration confirmation checklist\n\n**9. Post-Incident Review (PIR)**\n- PIR meeting within 48 hours of resolution\n- Template: timeline, impact, root cause, contributing factors, what went well, what to improve, action items\n- PIR document stored in `Meeting-Notes/PIR-{Date}-{Summary}.md`\n\n**10. Roles & Responsibilities**\n- Incident Commander (owns coordination)\n- Communications Lead (owns stakeholder updates)\n- Technical Lead (owns diagnosis and fix)\n- Vendor Liaison (owns vendor communication)\n- Legal Counsel (for privilege/regulatory incidents)\n\n**11. Vendor Escalation**\n- Vendor support tiers and SLA response times\n- Escalation contacts (from project memory)\n- Ticket creation procedure\n- When to bypass normal support (SEV1 phone escalation)\n\n**12. Review & Maintenance**\n- Review cadence: semi-annually or after any SEV1-2 incident\n- Tabletop exercise schedule: annually\n- Contact list verification: quarterly\n- Version history\n\n### Step 4: Present for Review\n\nShow the complete plan structure with key content decisions highlighted:\n- Severity matrix with product-specific examples\n- Escalation matrix with real names\n- Any assumptions made\n\nAsk for approval before writing the file.\n\n## Critical Rules\n\n1. **Zero external dependencies.** The HTML must render fully offline. No CDN links. During an incident, internet may be unreliable.\n2. **Real contacts only.** Pull names/emails from project files. Leave blanks with \"[TBD — add contact]\" markers rather than guessing.\n3. **Legal privilege awareness.** If the project involves legal privilege (like ProductB/Tax), include a section on when to involve legal counsel and how to protect privilege during incident response.\n4. **Severity ties to data.** Always tie severity classification to the product's data classification. Don't create a severity matrix that ignores data sensitivity.\n5. **Actionable, not aspirational.** Every procedure should be something the team can actually execute today with current tools and access. Don't include monitoring procedures if no monitoring exists yet.","tags":["irp","coco","rkz91","agent-skills","agents-md","ai-agents","claude-code","codex","cursor","developer-tools","llm-tools","mcp"],"capabilities":["skill","source-rkz91","skill-irp","topic-agent-skills","topic-agents-md","topic-ai-agents","topic-claude-code","topic-codex","topic-cursor","topic-developer-tools","topic-llm-tools","topic-mcp","topic-pm-tools","topic-product-management","topic-productivity"],"categories":["coco"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/rkz91/coco/irp","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add rkz91/coco","source_repo":"https://github.com/rkz91/coco","install_from":"skills.sh"}},"qualityScore":"0.453","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 7 github stars · SKILL.md body (5,883 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:14:07.428Z","embedding":null,"createdAt":"2026-05-18T13:21:39.884Z","updatedAt":"2026-05-18T19:14:07.428Z","lastSeenAt":"2026-05-18T19:14:07.428Z","tsv":"'-2':460,629 '/pir-':559 '/stakeholder-comms':451 '1':83,134,234,328,680 '10':563 '11':591 '12':232,617 '15':309 '2':123,152,258,700 '3':162,202,371,719 '4':173,346,396,642,748 '48':533 '5':186,423,773 '50':325,343 '6':441 '7':477 '8':506 '9':524 'access':147,313,792 'action':550,774 'actual':230,785 'add':713 'affect':327,345,486 'alreadi':195 'alway':753 'annual':624,634 'approv':673 'architectur':91 'ask':21,124,128,671 'aspir':776 'assumpt':669 'auto':283 'auto-sev1':282 'avail':342 'awar':722 'backup':409 'base':292 'blank':710 'breach':143,303 'build':261 'busi':364 'bypass':611 'cadenc':621 'captur':482 'caus':332,541 'cdn':221,691 'chain':500 'channel':385,447,476 'checklist':523 'classif':12,80,96,260,275,756,762 'claude.local.md':90 'coco':188 'command':157,567 'communic':16,442,471,570,585 'complet':304,648 'confirm':161,522 'consider':175 'constitut':136 'contact':73,94,109,170,404,410,602,635,702,714 'contain':213,432 'content':653 'context':85 'contribut':542 'coordin':569 'corrupt':151 'cosmet':358 'counsel':185,587,739 'cover':241 'creat':23,765 'creation':607 'critic':301,678 'css':219 'current':789 'custodi':502 'data':79,95,142,150,274,280,286,302,312,322,333,752,761,771 'data/stakeholder-directory':107 'date':209,560 'day':365 'decis':654 'declar':518 'default':158 'definit':296 'depend':222,683 'detect':372,378 'diagnosi':578 'directori':418 'discoveri':125 'document':38,205,224,553 'dr/recovery':511 'drive':276 'e.g':176 'email':113,386,415,449 'error':368 'escal':13,31,72,108,169,397,421,464,593,601,616,663 'etc':200 'everi':777 'evid':478 'exampl':299,662 'execut':786 'exercis':632 'exist':89,121,187,514,801 'exposur':308 'extern':682 'factor':543 'failur':149,331 'file':677,708 'firm':254 'firm-wid':253 'fix':580 'folder':492 'format':367 'framework':271 'fulli':688 'function':320,339 'generat':4,45,203 'generic':56 'glitch':370 'guess':718 'halt':335 'handoff':509 'high':318 'highlight':655 'histori':640 'hour':329,347,534 'html':98,115,210,214,685 'ignor':770 'impact':294,362,539 'improv':549 'inc':189 'incid':6,25,29,33,41,47,58,138,156,181,190,231,246,256,281,287,375,452,491,505,527,566,590,630,695,746 'includ':393,419,731,795 'infer':133 'inform':391 'integr':106,148,323,330 'intern':444 'internet':696 'investig':433 'involv':726,737 'irp':3,9,28,40,204 'issu':324,357 'item':551 'key':272,652 'lead':571,576 'leadership':461 'leav':709 'legal':179,184,586,720,727,738 'legal/privilege':174,504 'legal/regulatory':307 'liaison':582 'like':729 'link':692 'list':636 'log':484 'loss':321,340 'low':355 'made':670 'mainten':619 'manual':351 'marker':715 'matrix':32,266,398,657,664,768 'may':182,697 'md':101,562 'medium':337 'meet':531,557 'meeting-not':556 'memori':605 'min':310 'minimum':277,288 'minor':356 'model':165 'modul':349 'monitor':381,796,800 'must':225,686 'name':413,667 'names/emails':705 'need':36 'next':363 'nfrs':105 'normal':612 'note':558 'notif':383 'offlin':227,689 'operational/dr-plan':114 'operational/irp-':207 'optim':218 'order':407 'outag':145,306 'output':206 'own':568,572,577,583 'partial':338 'path':422 'per':400,427,468 'per-sever':399,426,467 'phone':457,615 'pir':529,530,552 'plan':8,27,43,49,61,240,512,649 'playbook':34,429,439 'pm':159 'pmstudio':2 'pmstudio-irp':1 'possibl':353 'post':526 'post-incid':525 'prd':97,100 'present':643 'preserv':479 'print':217 'print-optim':216 'privileg':180,721,728,744 'privilege/regulatory':589 'procedur':14,30,117,425,608,778,797 'process':81,191,257,352 'product':66,141,263,498,660,759 'product-specif':262,659 'product/instance':238 'product/platform':53 'productb':177 'productb/tax':730 'productnam':208 'project':604,707,725 'protect':743 'protocol':443 'pull':411,704 'purpl':279,311 'purpos':44,235 'qualifi':243 'quarter':638 'question':126 'rather':716 'rbac':104 'read':84,86 'real':69,412,666,701 'record':487 'recoveri':116,508 'red':285 'refer':119 'references/escalation-patterns.md':437 'references/severity-matrix.md':268 'relationship':251 'render':687 'report':196,366,373,380,384,395 'request':250 'requir':183 'resolut':434,507,536 'resolv':519 'respons':7,26,42,48,167,297,424,565,599,747 'restor':521 'review':528,618,620,645 'role':111,564 'root':540 'rule':273,679 'schedul':633 'scope':63,236 'screenshot':483 'section':103,233,733 'secur':102 'see':267,436 'self':212 'self-contain':211 'semi':623 'semi-annu':622 'sensit':772 'servic':144,305,520 'servicenow':198,388 'sev1':284,300,459,614,628 'sev2':289,317 'sev3':336 'sev4':354 'sever':11,76,259,265,278,291,295,401,428,469,656,749,755,767 'sharepoint':494 'show':646 'signific':319 'singl':348,360 'single-us':359 'skill' 'skill-irp' 'sla':166,598 'slack':199,387 'slack/teams':446 'someon':20 'someth':781 'source-rkz91' 'specif':50,264,661 'stakehold':70,92,417,448,573 'steerco':466 'step':82,122,201,435,516,641 'store':490,554 'structur':440,650 'summari':561 'support':164,249,455,595,613 'sync':334 'system':172 'tabletop':631 'tbd':712 'team':194,445,783 'technic':575 'templat':17,59,453,537 'ticket':171,389,456,606 'tie':75,750,754 'tier':596 'time':168,298,600 'timelin':538 'timestamp':485 'today':787 'tool':790 'topic-agent-skills' 'topic-agents-md' 'topic-ai-agents' 'topic-claude-code' 'topic-codex' 'topic-cursor' 'topic-developer-tools' 'topic-llm-tools' 'topic-mcp' 'topic-pm-tools' 'topic-product-management' 'topic-productivity' 'triag':431 'typic':377 'ui':369 'unauthor':146,315 'unavail':350 'unreli':699 'updat':574 'use':18,67,450 'user':316,326,344,361,379 'vendor':93,163,382,420,454,581,584,592,594 'verif':515,637 'version':639 'vs':247 'well':546 'went':545 'wide':255 'within':532 'work':226 'workaround':341 'write':675 'yellow/green':290 'yet':802 'zero':681","prices":[{"id":"46f702e9-e60c-4e7d-a7b1-239d6bf6d42f","listingId":"055e898a-7ac8-476b-9ab3-8026c6056e59","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"rkz91","category":"coco","install_from":"skills.sh"},"createdAt":"2026-05-18T13:21:39.884Z"}],"sources":[{"listingId":"055e898a-7ac8-476b-9ab3-8026c6056e59","source":"github","sourceId":"rkz91/coco/irp","sourceUrl":"https://github.com/rkz91/coco/tree/main/skills/irp","isPrimary":false,"firstSeenAt":"2026-05-18T13:21:39.884Z","lastSeenAt":"2026-05-18T19:14:07.428Z"}],"details":{"listingId":"055e898a-7ac8-476b-9ab3-8026c6056e59","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"rkz91","slug":"irp","github":{"repo":"rkz91/coco","stars":7,"topics":["agent-skills","agents-md","ai","ai-agents","claude-code","codex","cursor","developer-tools","llm-tools","mcp","pm-tools","product-management","productivity","prompt-engineering","workflow-automation"],"license":"mit","html_url":"https://github.com/rkz91/coco","pushed_at":"2026-04-26T01:51:27Z","description":"Open-source library of AI superpowers — 59 skills, 34 commands, 10 agents + 24 GSD subagents, 3 system bundles. An entire team, wherever your AI lives. Vendor-neutral across Claude Code, Cursor, Codex, and any AGENTS.md tool.","skill_md_sha":"5f3e4d53a231a4d69351bddcb6ad6b56e4a76cec","skill_md_path":"skills/irp/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/rkz91/coco/tree/main/skills/irp"},"layout":"multi","source":"github","category":"coco","frontmatter":{"name":"pmstudio-irp","description":"Generate an Incident Response Plan (IRP) with severity classification, escalation procedures, and communication templates. Use when someone asks to \"create an incident response plan\", \"IRP\", \"incident procedures\", \"escalation matrix\", \"incident playbook\", or needs to document how to handle incidents for a product/platform. Reads PRD, stakeholder directory, and project memory to build product-specific response procedures. Complementary to DR plan (DR = restore service; IRP = manage the incident while it's happening)."},"skills_sh_url":"https://skills.sh/rkz91/coco/irp"},"updatedAt":"2026-05-18T19:14:07.428Z"}}