SEF-03: Incident Reporting
Control Family:
Security Incident Management, E-Discovery, & Cloud Forensics
Control Statement
Workforce personnel and external business relationships shall be informed of their responsibilities and, if required, shall consent and/or contractually agree to report all information security events in a timely manner. Information security events shall be reported through predefined communications channels in a timely manner adhering to applicable legal, statutory, or regulatory compliance obligations.