AL Refs: INT03, CCM03
Purpose
The purpose of these periodic awareness update communications is to ensure all internal and external users have the awareness required to effectively report, and respond to, incidents. This may include system failures, data breaches, or other major events where it is critically important that the incident is reported in the correct way, in a timely manner, and that the person that identified it appropriately supports the incident response.
Example Security Awareness Updates
All Staff / All Users,
To minimise the potential impact of any system failures, malicious software or viruses, accidental or deliberate data breaches, external security threats, and other major incidents that may occur, it’s critically important that these are identified and reported in a timely manner.
For major events that have occurred or may occur, contact the Information Security Manager directly on name@email.com, 04XX XXX XXX. Less urgent matters should be raised in JIRA service desk through direct access or by emailing email@jiraservicedesk.com.
Alternate Method – Security Awareness Training
The security awareness training may include how to respond to incidents. This should include the specific AssuranceLab contact(s), system(s) and processes for managing incidents. General security awareness courses may be supplemented with bespoke content to cover this and specific information security policies of AssuranceLab. To satisfy the compliance requirements, the security awareness training should include reference to or document the nature of communications relating to handling these incidents.
Alternate Method – Company-wide Meeting
Communicating how to report and handle incidents can be included on a company-wide meeting agenda, at least annually. To satisfy the compliance requirements it should be noted on the agenda, meeting pack, or minutes of the meeting, and describe the AssuranceLab specific approach to handling incidents.