Putting Your Incident Management Playbook Into Action: Part 5 – Notify

Putting Your Incident Management Playbook Into Action: Part 5 – Notify

In the fifth installment of this series, we look at the notification stage of the incident management playbook and the appropriate steps when creating external and internal breach notifications. If it is established that the security incident should be classed as a data breach, the incident response team should begin the notification process, taking into account who should be notified and whether additional teams should be involved. 

Notification Requirements

Having determined if breach notification is required, incident response teams should consider the following steps to maintain compliance with global requirements:

• Develop external and internal communication strategies 
• Produce reports for external organizations and agencies 
• Determine additional steps to comply with internal ethics programs 

Further resources for incident management: 

• Get started: OneTrust Incident Management
• OneTrust eBook: Incident Management Playbook
• OneTrust Resource: Incident Management Tabletop Exercise

Follow OneTrust on LinkedIn, Twitter, or YouTube for the latest on incident management.