SEF-03: Incident Reporting

PF v1.0 References:

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: LOG-03: Security Monitoring and Alerting, LOG-13: Failures and Anomalies Reporting.

Control Statement

Workforce personnel and external business relationships shall be informed of their responsibilities and, if required, shall consent and/or contractually agree to report all information security events in a timely manner. Information security events shall be reported through predefined communications channels in a timely manner adhering to applicable legal, statutory, or regulatory compliance obligations.

[ Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.