Framework Category
Incident Recovery Communication
Incident Recovery Communication ensures transparent, coordinated communication during the recovery phase.
It includes managing public relations, updating stakeholders on recovery progress, repairing reputation, and sharing approved public updates to maintain trust and credibility.
Implementation Questions
RC.CO-03
Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholders
Does your organization have documented procedures for securely sharing recovery information and restoration progress with stakeholders during incident response?
During a security incident or disaster recovery scenario, it's critical that appropriate stakeholders receive timely updates about recovery efforts while ensuring sensitive information remains protected.
Does your organization have a formal process for updating senior leadership on the recovery status and progress during major security incidents?
Regular updates to senior leadership during major incidents ensure they have visibility into the recovery efforts, can make informed decisions, and provide necessary resources to support the incident response team. These updates typically include current status, estimated time to resolution, business impact assessment, and any escalation needs.
Does your organization adhere to contractually defined rules and protocols for incident information sharing with suppliers?
Adherence to agreed incident-sharing terms is at issue: whether you follow the contractually defined rules and protocols for sharing incident information with your suppliers. These requirements typically include timeframes for notification, types of incidents that must be reported, communication channels, and the level of detail required when sharing incident information.
Has your organization established a formal process for coordinating crisis communication with critical suppliers during security incidents?
Supplier crisis communication is what's being examined, namely whether you have a formal process for coordinating communications with critical suppliers during security incidents. Effective crisis communication with suppliers is essential to coordinate response efforts, minimize disruption to the supply chain, and ensure all parties have accurate information to make informed decisions during an incident.
RC.CO-04
Public updates on incident recovery are shared using approved methods and messaging
Does your organization have documented breach notification procedures that are followed during data breach recovery incidents?
Breach notification during recovery is the focus: whether you have documented procedures for alerting affected parties and authorities, and consistently follow them when a breach happens. Proper breach notification procedures ensure timely communication with affected individuals, regulatory compliance, and appropriate remediation steps to minimize damage from the breach.
Has your organization documented an incident recovery plan that includes steps for both remediation and prevention of future similar incidents?
An effective incident recovery plan should outline specific actions to restore normal operations after a security incident and implement measures to prevent recurrence. This includes root cause analysis, system restoration procedures, and specific security improvements to address identified vulnerabilities.
ResponseHub is the product I wish I had when I was a CTO
Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.
As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!
I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

