During a routine audit, an organization discovers unauthorized access to their network which has led to data exfiltration. In alignment with best practices, which document should the network administrator refer to for guiding the immediate actions to be taken following this discovery?
Incident response plan
Disaster recovery plan
Acceptable use policy
Change management plan