IRO-10.5: Serious Incident Reporting

IRO-10.5 · Serious Incident Reporting

Control Description

Mechanisms exist to report any serious incident involving the organization's Technology Assets, Applications, Services and/or Data (TAASD) to relevant authorities in the locality where the incident occurred, in accordance with mandatory reporting: (1) Requirements; and (2) Timelines.

Control Question

Assessment question for control validation

Does the organization report any serious incident involving the organization's Technology Assets, Applications and/or Services (TAAS) to relevant authorities in the locality where the incident occurred, in accordance with mandatory reporting: (1) Requirements; and (2) Timelines?

Control Weighting

Validation Cadence

Annual

NIST CSF Function

Identify

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 3 - Tactical

Additional Metadata

Applicability (Process):

Errata & Additional Notes

- wordsmithed control