Final answer:
Contingency plans would normally not be part of an incident response policy. Outside agencies, outside experts, and evidence collection procedures can be integral parts of an incident response policy.
Step-by-step explanation:
Incident response policies outline the procedures and guidelines for handling and responding to security incidents. They typically include measures such as incident reporting, communication protocols, and roles and responsibilities within an organization.
Out of the given options, contingency plans would normally not be part of an incident response policy. Contingency plans are a separate set of procedures that outline how to continue operations in the event of a disruption or disaster, but they may not specifically address the response to security incidents.
On the other hand, outside agencies, outside experts, and evidence collection procedures can be integral parts of an incident response policy. Outside agencies, such as law enforcement or regulatory bodies, may need to be involved in certain incidents.
Outside experts, such as cybersecurity consultants or forensic analysts, may be brought in to assist in resolving the incident. Evident collection procedures ensure the proper collection and preservation of evidence for potential legal proceedings or future analysis.
Therefore, the correct option is C. Contingency plan