Go to kintent.com

Docy Child

Updated on February 28, 2023

BIZOPS-32 – Breach Notification

Estimated reading: 2 minutes 273 views

What is this control really about?

This control is about having a process for notifying customers, media and relevant parties following a breach of information in a timely manner. This is a good practice for any organization. The process should involve:

  •  appropriate identification of breaches
  •  identification of the affected parties to notify
  •  a process to send notification in writing via first-class mail or email
  • A process to ensure the notification is sent without delay a notification no later than 60 days

Available tools in the marketplace 

Tools
  • No tools recommendation for this section

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

What is required to implement this control?

First, a process needs to be documented to guide personnel in the assessment of a breach. The process can be included in your existing security incident management policy and must include the following section:

  • Breach risk assessment – This section should address the process of determining that a breach has occurred.
  • Affected individuals – This section should address how to identify the affected individuals
  • Notification timeline – This section should address when and how to notify the affected individuals

The templates linked above will help you get started.

Secondly, you need to assign designated personnel responsible for notifying affected individuals.

Lastly, a template should be created to track breaches and notification to affected individuals.

What evidence is the auditor looking for?

  • A documented breach notification procedure
  • Breach reporting template or form used to track breaches and notifications (if no breaches had occurred) and  breach notification letter for a recent breach

Artifact example

  1. A documented breach notification procedure
  1. Breach report form used to track breaches and notifications

Link to a breach notification assessment  or, a recent breach notification form

bizops 32 2

Incident Management - Previous BIZOPS-7 Security Incident Management Plan Next - Incident Management BIZOPS-33 – Incident Response Team

Join the conversation

ON THIS PAGE
SUBSCRIBE
FlightSchool
SHARE THIS ARTICLE
Twitter Facebook LinkedIn
FlightSchool by TrustCloud

FlightSchool is the fun way to learn about compliance, trust, and TrustCloud’s products.

© 2023 TrustCloud Corporation. All rights reserved.
TrustOps® is a registered trademark of TrustCloud Corporation.

FlightSchool RSS Feed

TOPICS

Platform

ABOUT US

AICPA
Monitored by TrustCloud

❤️  Joyfully crafted by a 100% distributed team.