RS.MA-04.318

Does your organization have a documented incident escalation procedure that defines coordination with both internal stakeholders (e.g., management, legal) and external parties (e.g., customers, regulators, law enforcement)?

Explanation

This question assesses whether your organization has established clear pathways for escalating security incidents to appropriate stakeholders based on severity, impact, and regulatory requirements. Effective incident escalation procedures ensure timely notification to decision-makers, technical teams, legal counsel, affected customers, and regulatory bodies when necessary, preventing communication breakdowns during critical incidents. Evidence could include an incident response plan document that contains escalation matrices, contact information for stakeholders, criteria for different escalation levels, communication templates, and defined timelines for notifications. This document should clearly show when and how incidents are elevated to senior management, legal teams, customers, regulators, or law enforcement.

Implementation Example

Coordinate incident escalation or elevation with designated internal and external stakeholders

ID: RS.MA-04.318

Context

Function: RS: RESPOND
Category: RS.MA: Incident Management
Sub-Category: Incidents are escalated or elevated as needed
