GV.OC-02.002

Has your organization identified and documented all internal stakeholders and their specific cybersecurity expectations?

Explanation

This question assesses whether your organization has formally identified key internal stakeholders (such as executives, board members, department heads, and employees) and documented their specific cybersecurity expectations, requirements, and risk tolerances. For example, the CFO may have specific expectations regarding financial data protection, while the CTO may focus on system availability metrics. Evidence could include a stakeholder register or matrix that lists all internal stakeholders, their roles, their specific cybersecurity expectations, and how these expectations align with the organization's overall security strategy. This document should be regularly reviewed and updated as organizational priorities shift.

Implementation Example

Identify relevant internal stakeholders and their cybersecurity-related expectations (e.g., performance and risk expectations of officers, directors, and advisors; cultural expectations of employees)

ID: GV.OC-02.002

Context

Function
GV: GOVERN
Category
GV.OC: Organizational Context
Sub-Category
Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub