M1.4.2 - INTERNAL AND EXTERNAL COMMUNICATIONS Implementation Guidance
Back to M1.4.2 - P2 - INTERNAL AND EXTERNAL COMMUNICATIONS
INTERNAL COMMUNICATION: The entity should establish internal communication and reporting mechanisms in order to support information security. These mechanisms should ensure that:
- A. Key components of the information security controls, and any subsequent modifications, are communicated appropriately
- B. There is adequate internal reporting on information security, its effectiveness and the outcomes
- C. Relevant information derived from the application of security controls is available in the entity, as appropriate
- D. There are processes for consultation with internal stakeholders
EXTERNAL COMMUNICATION: The entity should develop and implement a plan as to how it will communicate with external stakeholders. This should involve:
- A. Engaging appropriate external stakeholders and ensuring an effective exchange of information)
- B. External reporting to comply with legal, regulatory, sector and governance requirements;
- C. Providing feedback and reporting on communication and consultation
- D. Using communication to build confidence in the entity and its security
- E. Communicating with stakeholders in the event of a crisis or contingency
During communication, care should be taken regarding the confidentiality of the
information involved.
