Implementing OT Incident Response Playbook When to Use - When building OT-specific incident response procedures for the first time - When existing IT IR playbooks do not address ICS/SCADA-specific requirements - When preparing for OT ransomware scenarios like EKANS or LockerGoga - When aligning IR procedures with IEC 62443 and NERC CIP incident reporting requirements - When conducting post-incident reviews to improve OT IR capabilities Do not use for IT-only incident response without OT components (use standard NIST 800-61 playbooks), for day-to-day OT security monitoring (see implementing-dr…