An incident response plan is the correct document to consult because it outlines the procedures to follow when an IT security incident occurs, including immediate containment and subsequent investigation. This is critical for ensuring a systematic and efficient approach to managing security breaches. A change management plan is used to manage changes in IT services and infrastructure, not to respond to security incidents. A disaster recovery plan is intended for re-establishing operations following a catastrophic event, such as a natural disaster, rather than for a specific security breach. An acceptable use policy sets guidelines for the proper use of network resources, but it does not provide a response procedure for security incidents.