RS.CO-02.330

Does your organization have documented breach notification procedures that include a process for notifying affected customers in the event of a data breach?

Explanation

This question assesses whether your organization has established formal procedures for responding to data breaches, with specific focus on customer notification requirements. Effective breach notification procedures should define roles and responsibilities, timeframes for notification, communication templates, and compliance with relevant data protection regulations (such as GDPR, CCPA, or industry-specific requirements). Evidence could include a documented breach response plan or incident response playbook that outlines the notification process, sample notification templates, a decision tree for determining notification requirements, and records of breach notification drills or exercises conducted by the organization.

Implementation Example

Follow the organization's documented breach notification procedures after discovering a data breach incident, including notifying affected customers.

ID: RS.CO-02.330

Context

Function
RS: RESPOND
Category
RS.CO: Incident Response Reporting and Communication
Sub-Category
Internal and external stakeholders are notified of incidents

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses: 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub