ID.IM-04.192

Does your organization have a process to communicate cybersecurity plans and updates to responsible personnel and affected stakeholders?

Explanation

Effective cybersecurity implementation requires clear communication of plans and updates to ensure all responsible parties understand their roles and affected stakeholders are aware of changes that may impact them. Without proper communication, even well-designed security plans may fail due to inconsistent implementation or resistance from uninformed stakeholders. Evidence could include communication plans, meeting minutes documenting plan discussions, email notifications of updates, acknowledgment forms signed by responsible parties, or screenshots of an internal portal where cybersecurity plans are shared and updated.

Implementation Example

Communicate cybersecurity plans (including updates) to those responsible for carrying them out and to affected parties

ID: ID.IM-04.192

Context

Function: ID: IDENTIFY
Category: ID.IM: Improvement
Sub-Category: Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub