Has your organization established and documented crisis communication protocols with your critical suppliers?
Explanation
Crisis communication protocols ensure that during security incidents, system outages, or other emergencies, your organization can effectively coordinate responses with critical suppliers. These protocols should define communication channels, escalation procedures, contact information for key personnel, and the types of events that trigger communications.
Evidence of fulfillment could include a documented crisis communication plan that identifies critical suppliers, establishes communication methods (email, phone, secure messaging), defines roles and responsibilities, and includes up-to-date contact information. This document should be regularly reviewed and tested through tabletop exercises or simulations.
Implementation Example
Define and coordinate crisis communication methods and protocols between the organization and its critical suppliers
ID: GV.SC-08.106
Context
- Function
- GV: GOVERN
- Category
- GV.SC: Cybersecurity Supply Chain Risk Management
- Sub-Category
- Relevant suppliers and other third parties are included in incident planning, response, and recovery activities
Related questions
- Has your organization established a documented strategy that defines the objectives of your cybersecurity supply chain risk management program?
- Has your organization developed a formal cybersecurity supply chain risk management program with documented policies, procedures, and an implementation plan with milestones that is shared with relevant stakeholders?
- Has your organization developed and implemented the processes from the cybersecurity supply chain risk management program, that align with your security strategy, objectives, policies, and procedures with documented stakeholder agreement and participation?
- Has your organization established a formal cross-functional team or committee responsible for cybersecurity supply chain risk management?
- Has your organization formally designated specific roles or positions responsible for cybersecurity supply chain risk management activities?
- Has your organization documented cybersecurity supply chain risk management roles and responsibilities in a formal policy?

