When it comes to digital forensics and incident response, are you mostly relying on internal or external resources to conduct forensics?

it's important for organisations, regardless of whether they opt for in-house forensics or outsourced, to have a basic understanding of forensics readiness to ensure investigations are conducted using forensics principles. The same applies for incident response. An outsourced provider can triage events to a certain extent but depending on the MSSP model you opt for, your outsourced provider won't be able to remediate all incidents to ensure BAU. They can provide you with the necessary context and information (if they manage your EDR they can even isolate affected endpoints), but the BAU part tends to be in-house hence having an internal incident response plan is also vital. Lastly - remember to test these using table top exercises, and ensure post-mortems are also conducted after legitimate incidents as these highlight areas of improvement, or help you confirm your plan is adequate.