During a routine audit, an organization discovers unauthorized access to their network which has led to data exfiltration. In alignment with best practices, which document should the network administrator refer to for guiding the immediate actions to be taken following this discovery?
Disaster recovery plan
Incident response plan
Acceptable use policy
Change management plan