The foundation has been laid for enterprise incident response; only running through mock scenarios and real incidents will find the faults and areas that need to be modified for a more effective and fault-tolerant process. The incident process requires information to be gathered at the identification phase of the incident and throughout the resolution process. There are several pieces of information that should be captured at the time of incident identification and throughout, so that the incident team will know where to focus their efforts, and as the investigation continues and possible scope changes occur, detailed documentation can be developed to be used during and after the incident resolution.