IRO-09
Situational Awareness For Incidents
Description
Mechanisms exist to document, monitor and report the status of cybersecurity and data protection incidents to internal stakeholders all the way through the resolution of the incident.
Control Question
Does the organization document, monitor and report the status of cybersecurity and data protection incidents to internal stakeholders all the way through the resolution of the incident?
Control Metadata
Domain:
Incident Response
Validation Cadence:
Annual
Evidence Request List:
E-IRO-03
Framework Mappings
This control maps to the following compliance frameworks
APRA CPS234
2324
MAS TRM
7.7.5
HKIA GL20
4.14.24.35.15.25.35.45.55.65.76.16.2