Framework Category

Incident Recovery Communication

Incident Recovery Communication ensures transparent, coordinated communication during the recovery phase.

It includes managing public relations, updating stakeholders on recovery progress, repairing reputation, and sharing approved public updates to maintain trust and credibility.

Implementation Questions

RC.CO-03

Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholders

Does your organization have documented procedures for securely sharing recovery information and restoration progress with stakeholders during incident response?

During a security incident or disaster recovery scenario, it's critical that appropriate stakeholders receive timely updates about recovery efforts while ensuring sensitive information remains protected.

Does your organization have a formal process for updating senior leadership on the recovery status and progress during major security incidents?

Regular updates to senior leadership during major incidents ensure they have visibility into the recovery efforts, can make informed decisions, and provide necessary resources to support the incident response team. These updates typically include current status, estimated time to resolution, business impact assessment, and any escalation needs.

Does your organization adhere to contractually defined rules and protocols for incident information sharing with suppliers?

Adherence to agreed incident-sharing terms is at issue: whether you follow the contractually defined rules and protocols for sharing incident information with your suppliers. These requirements typically include timeframes for notification, types of incidents that must be reported, communication channels, and the level of detail required when sharing incident information.

Has your organization established a formal process for coordinating crisis communication with critical suppliers during security incidents?

Supplier crisis communication is what's being examined, namely whether you have a formal process for coordinating communications with critical suppliers during security incidents. Effective crisis communication with suppliers is essential to coordinate response efforts, minimize disruption to the supply chain, and ensure all parties have accurate information to make informed decisions during an incident.

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron