Does your organization have documented breach notification procedures that are followed during data breach recovery incidents?
Explanation
This question focuses on breach notification during recovery: whether you have documented procedures for alerting affected parties and authorities, and whether you consistently follow them when a breach happens. Proper breach notification procedures ensure timely communication with affected individuals, regulatory compliance, and appropriate remediation steps to minimize damage from the breach.
Evidence could include a documented breach notification policy/procedure, incident response playbooks that include notification steps, records of breach notification drills or exercises, or anonymized examples of past breach notifications that demonstrate adherence to the procedures.
Implementation Example
Follow the organization's breach notification procedures for recovering from a data breach incident
ID: RC.CO-04.362
Context
- Function: RC: RECOVER
- Category: RC.CO: Incident Recovery Communication
- Sub-Category: Public updates on incident recovery are shared using approved methods and messaging
Related questions
- Does your organization have a formal process for managing public relations during and after a security incident?
- Does your organization have a documented process for repairing reputation damage following a security incident?
- Does your organization have documented procedures for securely sharing recovery information and restoration progress with stakeholders during incident response?
- Does your organization have a formal process for updating senior leadership on the recovery status and progress during major security incidents?
- Does your organization adhere to contractually defined rules and protocols for incident information sharing with suppliers?
- Has your organization established a formal process for coordinating crisis communication with critical suppliers during security incidents?