IRO-13
Root Cause Analysis (RCA) & Lessons Learned
Description
Mechanisms exist to incorporate lessons learned from analyzing and resolving cybersecurity and data protection incidents to reduce the likelihood or impact of future incidents.
Control Question
Does the organization incorporate lessons learned from analyzing and resolving cybersecurity and data protection incidents to reduce the likelihood or impact of future incidents?
Control Metadata
Domain: Incident Response
Validation Cadence: Annual
Evidence Request List: E-IRO-08
Framework Mappings
This control maps to the following compliance frameworks:
APRA CPS234: 25(a)
MAS TRM: 7.8.1, 7.8.2, 7.8.3, 12.3.3
HKIA GL20: 4.1, 4.2, 4.3, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 6.1, 6.2
