IRO-10
Incident Stakeholder Reporting
Description
Mechanisms exist to timely-report incidents to applicable: (1) Internal stakeholders; (2) Affected clients & third-parties; and (3) Regulatory authorities.
Control Question
Does the organization timely-report incidents to applicable: (1) Internal stakeholders; (2) Affected clients & third-parties; and (3) Regulatory authorities?
Control Metadata
Domain:
Incident Response
Validation Cadence:
Annual
Evidence Request List:
E-IRO-01 E-IRO-11
Framework Mappings
This control maps to the following compliance frameworks
APRA CPS 230
3342
MAS TRM
7.7.57.7.67.7.7
HKIA GL20
4.14.24.35.15.25.35.45.55.65.76.16.2