GV.SC-08:
Relevant suppliers and other third parties are included in incident planning, response, and recovery activities
Implementation Examples
Ex1:
Define and use rules and protocols for reporting incident response and recovery activities and the status between the organization and its suppliers
Ex2:
Identify and document the roles and responsibilities of the organization and its suppliers for incident response
Ex3:
Include critical suppliers in incident response exercises and simulations
Ex4:
Define and coordinate crisis communication methods and protocols between the organization and its critical suppliers
Ex5:
Conduct collaborative lessons learned sessions with critical suppliers