RC.CO-04.362

Does your organization have documented breach notification procedures that are followed during data breach recovery incidents?

Explanation

This question assesses whether your organization has established formal procedures for notifying affected parties and relevant authorities when a data breach occurs, and whether these procedures are consistently followed during incident recovery. Proper breach notification procedures ensure timely communication with affected individuals, regulatory compliance, and appropriate remediation steps to minimize damage from the breach. Evidence could include a documented breach notification policy/procedure, incident response playbooks that include notification steps, records of breach notification drills or exercises, or anonymized examples of past breach notifications that demonstrate adherence to the procedures.

Implementation Example

Follow the organization's breach notification procedures when recovering from a data breach incident.

ID: RC.CO-04.362

Context

Function: RC: RECOVER
Category: RC.CO: Incident Recovery Communication
Sub-Category: Public updates on incident recovery are shared using approved methods and messaging

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub