IR-06—Incident External Communication
>Control Description
Theme
Type
Policy/Standard
Incident Management Policy>Implementation Guidance
1. Ensure that the Incident Response Plan and the Incident Legal Communications Requirements Standard include a process for communicating a response to external stakeholders is required. 2. Design a process to maintain the list of confirmed incidents which involved external stakeholders. 3. Establish a process which sends out communications to external stakeholders per the Incident Response Plan.
>Testing Procedure
1. Inspect the Incident Response Plan and the Incident Legal Communications Requirements Standard to determine whether communicating a response to external stakeholders is required. 2. Obtain a list of confirmed incidents which involved external stakeholders. 3. Inspect a sample of confirmed incidents tickets to determine whether communications required a response to external stakeholders per the Incident Response Plan.
>Audit Artifacts
>Framework Mappings
Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
Ask AI
Configure your API key to use AI features.