17.4: Establish and Maintain an Incident Response Process
- Critical Security Controls Version 7.1:
- 19.1: Document Incident Response Procedures
Establish and maintain an incident response process that addresses roles and responsibilities, compliance requirements, and a communication plan. Review annually, or when significant enterprise changes occur that could impact this Safeguard.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]