
IR-04 External Communication of Incidents

>Control Description

Organization defines external communication requirements for incidents, including:
• information about external party dependencies
• criteria for notification to external parties as required by Organization policy in the event of a security breach
• contact information for authorities (e.g., law enforcement, regulatory bodies, etc.)
• provisions for updating and communicating external communication requirement changes

Theme

Process

Type

Preventive

Policy/Standard

Incident Management Policy

>Implementation Guidance

1. Ensure that the following details are documented in the Incident Response Plan and Standard:
• information about external party dependencies
• criteria for notification to external parties as required by policy in the event of a security breach
• contact information for authorities (e.g., law enforcement, regulatory bodies, etc.)
• provisions for updating and communicating external communication requirement changes
2. Establish a process that flags alerts as per the defined escalation metrics.

>Testing Procedure

1. Inspect the Incident Response Plan and Standard to determine whether the following are documented:
• information about external party dependencies
• criteria for notification to external parties as required by policy in the event of a security breach
• contact information for authorities (e.g., law enforcement, regulatory bodies, etc.)
• provisions for updating and communicating external communication requirement changes
2. Review the procedure for alert escalation.

>Audit Artifacts

E-IR-01
E-IR-02

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
