SOC 2
Security Communication and Information
CC2.3
COSO Principle 15: The entity communicates with external parties regarding matters affecting the functioning of internal control.
- Communicates to External Parties—Processes are in place to communicate relevant and timely information to external parties, including shareholders, partners, owners, regulators, customers, financial analysts, and other external parties.
- Enables Inbound Communications—Open communication channels allow input from customers, consumers, suppliers, external auditors, regulators, financial analysts, and others, providing management and the board of directors with relevant information.
- Communicates With the Board of Directors—Relevant information resulting from assessments conducted by external parties is communicated to the board of directors.
- Provides Separate Communication Lines—Separate communication channels, such as whistle-blower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication when normal channels are inoperative or ineffective.
- Selects Relevant Method of Communication—The method of communication considers the timing, audience, and nature of the communication, as well as legal, regulatory, and fiduciary requirements and expectations.
- Communicates Objectives Related to Confidentiality and Changes to Objectives—The entity communicates to external users, vendors, business partners, and others whose products and services are part of the system the objectives, and changes to objectives, related to confidentiality.
- Communicates Objectives Related to Privacy and Changes to Objectives—The entity communicates to external users, vendors, business partners, and others whose products and services are part of the system the objectives related to privacy and changes to those objectives.
- Communicates Information About System Operation and Boundaries—The entity prepares and communicates information about the design and operation of the system and its boundaries to authorized external users, to permit users to understand their role in the system and the results of system operation.
- Communicates System Objectives—The entity communicates its system objectives to appropriate external users.
- Communicates System Responsibilities—External users with responsibility for designing, developing, implementing, operating, maintaining, and monitoring system controls receive communications about their responsibilities and have the information necessary to carry out those responsibilities.
- Communicates Information on Reporting System Failures, Incidents, Concerns, and Other Matters—External users are provided with information on how to report system failures, incidents, concerns, and other complaints to appropriate personnel.
What is a Cybersecurity Compliance Framework?
As your security and privacy programs become more sophisticated, you don’t need to clutter them with an ever-increasing number of tools. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly specialized and in-demand security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- HIPAA
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- NIST-CSF
- CIS Framework Controls V8