Does your organization have documented procedures for securely sharing recovery information and restoration progress with stakeholders during incident response?
Explanation
During a security incident or disaster recovery scenario, it's critical that appropriate stakeholders receive timely updates about recovery efforts while ensuring sensitive information remains protected.
This question assesses whether your organization has formalized how recovery information is shared, with whom, through what secure channels, and at what frequency during an incident response.As evidence, you could provide a section of your incident response plan that specifically outlines recovery information sharing protocols, including designated communication channels, authorized spokespersons, information classification guidelines for recovery data, and templates for status updates that balance transparency with security considerations.
Implementation Example
Securely share recovery information, including restoration progress, consistent with response plans and information sharing agreements
ID: RC.CO-03.358
Context
- Function
- RC: RECOVER
- Category
- RC.CO: Incident Recovery Communication
- Sub-Category
- Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholders
Related questions
- Does your organization have a formal process for managing public relations during and after a security incident?
- Does your organization have a documented process for repairing reputation damage following a security incident?
- Does your organization have a formal process for updating senior leadership on the recovery status and progress during major security incidents?
- Does your organization adhere to contractually defined rules and protocols for incident information sharing with suppliers?
- Has your organization established a formal process for coordinating crisis communication with critical suppliers during security incidents?
- Does your organization have documented breach notification procedures that are followed during data breach recovery incidents?

