RS.CO-03.333

Does your organization have documented processes for securely sharing information during incident response that align with established information sharing agreements?

Explanation

This question assesses whether your organization has formalized procedures for sharing security incident information with appropriate stakeholders while maintaining confidentiality and compliance with agreements. Secure information sharing during incidents is critical to coordinate effective responses, meet regulatory requirements, and maintain trust with partners and customers. Evidence could include documented information sharing procedures, templates for different types of security incidents, access control lists for sensitive information, and records of information sharing agreement reviews. These documents should clearly define what information can be shared, with whom, through which secure channels, and under what circumstances.

Implementation Example

Securely share information consistent with response plans and information sharing agreements

ID: RS.CO-03.333

Context

Function: RS: RESPOND
Category: RS.CO: Incident Response Reporting and Communication
Sub-Category: Information is shared with designated internal and external stakeholders

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub