Has your organization established a formal process for coordinating crisis communication with critical suppliers during security incidents?
Explanation
Supplier crisis communication is what's being examined, namely whether you have a formal process for coordinating communications with critical suppliers during security incidents. Effective crisis communication with suppliers is essential to coordinate response efforts, minimize disruption to the supply chain, and ensure all parties have accurate information to make informed decisions during an incident.
Evidence could include a documented crisis communication plan that specifically addresses supplier coordination, contact lists for key supplier personnel, templates for supplier notifications, and records of crisis communication drills or exercises conducted with critical suppliers.
Implementation Example
Coordinate crisis communication between the organization and its critical suppliers
ID: RC.CO-03.361
Context
- Function
- RC: RECOVER
- Category
- RC.CO: Incident Recovery Communication
- Sub-Category
- Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholders
Related questions
- Does your organization have a formal process for managing public relations during and after a security incident?
- Does your organization have a documented process for repairing reputation damage following a security incident?
- Does your organization have documented procedures for securely sharing recovery information and restoration progress with stakeholders during incident response?
- Does your organization have a formal process for updating senior leadership on the recovery status and progress during major security incidents?
- Does your organization adhere to contractually defined rules and protocols for incident information sharing with suppliers?
- Does your organization have documented breach notification procedures that are followed during data breach recovery incidents?

