Despite precautions, it is possible for security incidents or system compromises to occur.

Security incidents can originate from a number of sources including internal employees or motivated external attackers. An immediate response is necessary when dealing with either an internal or external hazard to any systems and an organised and controlled reaction to an incident can mean the difference between complete recovery and total disaster.

IRM's computer forensics experts routinely access IT systems and networks to recover data and determine whether it has been tampered with, damaged or deleted. Once seized, the data is imaged and examined using the specific guidelines approved by the Association of Chief Police Officers (ACPO). This process is strictly documented and IRM always maintains the integrity of the data extracted so that it can be utilised in the event of legal action.