1.
Roles and responsibilities for incident response personnel are thoroughly defined and communicated.
2.
Cybersecurity incidents are properly communicated throughout the organization when they occur. Information related to the event is shared in a manner consistent with the Incident Response Plan.
3.
Formal, documented processes and procedures for investigating notifications of suspicious activity are executed and maintained by the incident response team.
4.
Formal, documented process & procedures exist to ensure preservation of forensic evidence during or after an event.
5.
The organization has the capability to quickly contain and mitigate cybersecurity incidents.
6.
The Incident Response Plan is regularly reviewed and updated based on test results or actual events.
