GV.RM-05: Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties
Ex1: Determine how to update senior executives, directors, and management on the organization’s cybersecurity posture at agreed-upon intervals
Ex2: Identify how all departments across the organization — such as management, operations, internal auditors, legal, acquisition, physical security, and HR — will communicate with each other about cybersecurity risks
Tier
Description
Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties