One of the principal tasks of such teams is to act in emergencies, once irregularities or incidents have been detected, as a kind of "IT emergency service". They are also set up to carry out preventive measures, publishing documents and promoting security training.
The document explains procedures and policies for implementing this kind of service. The "Handbook for CSIRTs" also describes how teams should interact with other organizations and how sensitive information should be handled.
Download the paper in PDF format here.