Checklist of ISO/IEC 27001-A.6.1.3 Contact with authorities

Introduction:

Businesses face various types of risks, including natural disasters, cyber-attacks, and other emergencies. 

When such incidents occur, the first line of response is often to contact the regulatory or other authorities and bodies that need to be involved in queries, incidents, and emergencies.

Therefore, it is critical for enterprises to maintain readily available and up-to-date contact details for law enforcement, emergency services, and maintenance/support personnel for HVAC, power, water supply, telecommunication services, etc. 

This article provides a sample checklist for enterprises to assess their readiness in this area and emphasizes the importance of maintaining regular contact with these authorities.

Sample Checklist:

  • Is there a readily available list of contact details for regulatory or other authorities and bodies that might need to be contacted in case of queries, incidents, and emergencies?
  • Who is responsible for contacting the authorities, and at what point of an incident/event is this contact made, and how?
  • Has this contact been made before, and is informal and regular contact maintained with these authorities so that both sides (the enterprise and such authorities) are not surprised in times of emergency?
  • Have the contact details for authorities for the identified significant risks been included in the output of the risk assessment?
  • Is the list of contact details current and correct, and is there a maintenance process to update the list regularly?

Conclusion:

Having readily available and up-to-date contact details for regulatory or other authorities and bodies is critical for enterprises to respond effectively to incidents and emergencies. 

The checklist provided in this article can help enterprises assess their readiness in this aspect and identify any gaps that need to be addressed. 

Moreover, regular contact with these authorities can help build relationships and improve the enterprise’s response to incidents and emergencies. 

Therefore, enterprises should ensure that the contact details are current, correct, and regularly updated.
