Establish communication with stakeholders and participants in the course of business continuity and resilience procedures.
A business continuity and resilience program should:
- Communicate the importance of effective business continuity and the consequences of disruptions to all relevant stakeholders.
- Communicate the business continuity and resilience policy, objectives, and plans to all relevant stakeholders.
- Communicate the roles, responsibilities, authorities, and expected competencies to all relevant stakeholders.
- Establish the criteria, thresholds, and indicators to demonstrate when and how business continuity-related communications should be sent, who should send them, and to whom they should be sent.
- Establish templates for common communications during a disruption regarding the activation, operation, coordination, and communication of a business continuity response.
- Establish the people, technology, and processes required for business continuity communications.
- Establish a response structure that will enable timely warnings and communication to relevant stakeholders.
Clear and effective communication channels should remain available to disseminate information to participants and stakeholders, assess and relay damage, and coordinate a recovery strategy. Failed communication often results in failed business continuity efforts. Thorough planning, testing, and exercising communication procedures within the following four phases are essential to support effective business continuity and the viability of critical business operations.
- Examine the policy for determining stakeholders and participants.
- Determine if the organization has identified stakeholders and participants.
- Examine the procedures for communication with identified stakeholders and participants.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.