Created by BlockSecNerd, @Game7 April 18, 2022
Edited by YOU
This checklist should be used as an overview for Critical Information Communication.
Descriptions of the company's services and systems are available to both internal personnel and external users.
-
Services and products overview
-
Architecture and network diagram
Security commitments and expectations are communicated to both internal personnel and external users via the company's website.
- Security commitments on website
Terms of Service or the equivalent are published or shared to external users.
-
Terms of service on website
-
Master Service Agreements
-
Branch merge request approvals
-
Cloud infrastructure configuration changes are tracked
Critical information is communicated to external parties, as applicable.
-
Terms of Service and Privacy Policy show date of last update
-
Internal communications channel
-
External communications channel
-
Notify applicable customers and regulatory bodies for security incidents
-
Maintain communication channels with law enforcement
A confidential reporting channel is made available to internal personnel and external parties to report security and other identified concerns.
-
Security email on website
-
Support page or email
A Privacy Policy to both external users and internal personnel. This policy details the company's privacy commitments.
- Privacy Policy on website