docs: add incident response drill record template #55

Open
Hinotoi-agent wants to merge 1 commit into OWASP:main from Hinotoi-agent:docs/incident-response-drill-record

Conversation

@Hinotoi-agent
Contributor

Summary

Adds an informative Incident Response Drill Record Template for documenting tabletop exercises, simulations, and live technical drills against APTS incident response procedures.

The template gives operators and reviewers a lightweight way to capture:

  • scenario metadata and severity
  • requirements and controls exercised
  • expected versus observed response timeline
  • evidence captured during the drill
  • authority and autonomy decisions
  • gaps, corrective actions, and retest expectations

Why

APTS already defines incident response, kill switch, containment, auditability, notification, autonomy adjustment, and reporting requirements across multiple domains. The existing Incident Response Integration appendix maps those workflows, but there is not yet a dedicated record template for exercising and preserving evidence from IR drills.

This addition helps teams turn those existing controls into reviewable evidence without adding new normative requirements.

Affected sections

  • standard/appendix/Incident_Response_Drill_Record_Template.md
  • standard/appendix/Incident_Response_Integration.md
  • standard/appendix/Conformance_Claim_Template.md
  • standard/README.md
  • standard/Getting_Started.md

Contributing.md checklist

  • One logical change: a new informative incident response drill record appendix and direct navigation links
  • Duplicate check: no open issue or PR found for incident response drill, drill record, or tabletop exercise; current open PR "docs: add scope change decision record template" #54 covers scope change decision records, not IR drills
  • Formatting checked with git diff --cached --check
  • Touched relative Markdown links verified locally
  • Markdown tables, internal links, cross-references, generated artifacts, and YAML validation scripts were run locally
  • AI assistance disclosure: drafted with AI assistance and reviewed before submission

Notes

This appendix is informative and does not create or modify APTS requirements. It is intended as an implementation aid for existing incident response, containment, auditability, notification, autonomy-adjustment, and reporting controls.

Validation

python3 - <<'PY'
from pathlib import Path
import re
files=[Path('standard/README.md'),Path('standard/Getting_Started.md'),Path('standard/appendix/Incident_Response_Integration.md'),Path('standard/appendix/Incident_Response_Drill_Record_Template.md'),Path('standard/appendix/Conformance_Claim_Template.md')]
pat=re.compile(r'\[[^\]]+\]\(([^)]+)\)')
for f in files:
    txt=f.read_text()
    for m in pat.finditer(txt):
        target=m.group(1)
        if target.startswith(('http://','https://','mailto:','#')):
            continue
        target=target.split('#',1)[0]
        if target and not (f.parent / target).resolve().exists():
            raise SystemExit(f'BROKEN {f} -> {target}')
print('Touched Markdown links OK')
PY

git diff --cached --check
python3 scripts/validate_markdown_tables.py
python3 scripts/check_internal_markdown_links.py
python3 scripts/validate_cross_references.py
python3 scripts/check_generated_artifacts.py
python3 scripts/validate_yaml.py
