Security Operations Center in the military nomenclature is compared to a rapid reaction force. To ensure that data security risks can be addressed quickly, SOC operators need to know what actions are needed to take and in what order they should be carried out. In the case of an attack on an IT system, each sentence is performed according to a pre-determined incident management procedure and a response plan. The incident management procedure is agreed with the Customer at the service implementation stage and ensures that security requirements such as GDPR or The Directive on security of network and information systems (NIS Directive) are met. The procedure assumes compliance with the most important area standards, including in particular ISO/IEC 27001, NIST, PCI or HIPAA. The quality of the Security Operations Center processes is based on efficient information flow. Processes require extreme standardization to ensure that nothing is omitted or fabricated. Continuous testing of incident management procedures ensures that Security Operations Center operators act effectively as a cohesive unit during incident escalation.