RS.CO-03.336

Does your organization have a formal process for updating senior leadership on the status of major security incidents?

Explanation

Regular updates to senior leadership during major security incidents ensure proper oversight, enable informed decision-making, and demonstrate appropriate governance of security events. This practice helps leadership understand the business impact of incidents and allocate necessary resources for response and recovery. Evidence could include documented incident communication procedures that specify leadership notification requirements, templates for executive briefings during incidents, meeting minutes from incident review sessions with leadership, or examples of past incident status reports shared with executives (with sensitive details redacted).

Implementation Example

Regularly update senior leadership on the status of major incidents

ID: RS.CO-03.336

Context

Function
RS: RESPOND
Category
RS.CO: Incident Response Reporting and Communication
Sub-Category
Information is shared with designated internal and external stakeholders

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron