RS.MA-01: The incident response plan is executed in coordination with the relevant third parties once an incident is declared.
1. A plan is defined, implemented, updated, and documented for managing cybersecurity incidents and notifying CSIRT Italy, in accordance with Article 25 of the NIS decree, which includes at least: a) the stages and procedures for managing and notifying incidents with an indication of the respective roles and responsibilities; b) the procedures for the preparation and transmission of reports as referred to in Article 25, paragraph 5, letters c), d), and e) of the NIS decree; c) the contact information for reporting incidents; d) the methods of internal communication, including regarding the involvement of administrative and executive bodies, and external communication; e) the reporting to be used for documenting the incident.
2. The plan referred to in point 1 is approved by the administrative and executive bodies.
3. The plan referred to in point 1 is reviewed and, if appropriate, updated periodically and at least every two years, as well as whenever significant incidents occur, incorporating the lessons learned, or changes in threat exposure and related risks.
Requirement Covered
Description
The incident response plan is executed in coordination with the relevant third parties once an incident is declared.