GV.RM-05:
Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties
Implementation Examples
Ex1:
Determine how to update senior executives, directors, and management on the organization's cybersecurity posture at agreed-upon intervals
Ex2:
Identify how all departments across the organization - such as management, operations, internal auditors, legal, acquisition, physical security, and HR - will communicate with each other about cybersecurity risks