PR.AT-04

Have senior executives been formally trained on and demonstrated understanding of their specific cybersecurity roles and responsibilities?

Explanation

This question assesses whether the organization has established clear cybersecurity accountability at the executive level and ensured executives understand their specific responsibilities in the security governance structure. Senior executives must comprehend their decision-making authority, oversight responsibilities, and accountability for security incidents that may impact the organization. Evidence of fulfillment could include: documented role descriptions for executives that outline security responsibilities; signed acknowledgments from executives confirming their understanding; meeting minutes showing executive participation in security governance discussions; completion certificates from executive-level security awareness training; or performance objectives that include security governance metrics.

Context

Function: PR: PROTECT
Category: PR.AT: Awareness and Training
Sub-Category: Senior executives understand their roles and responsibilities

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub