An IS Auditor is conducting an audit for a healthcare organization and discovers a breach in which patient records were accessed without authorization. The organization has implemented a process to investigate and address such incidents promptly. What type of control does this process represent?