RC.CO-03: Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholders


[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

3rd: 3rd Party Risk

Ex1: Securely share recovery information, including restoration progress, consistent with response plans and information sharing agreements

Ex2: Regularly update senior leadership on recovery status and restoration progress for major incidents

Ex3: Follow the rules and protocols defined in contracts for incident information sharing between the organization and its suppliers

Ex4: Coordinate crisis communication between the organization and its critical suppliers