Crisis Communication Plan (SP 800-61r3)

Phase
Communication Goals
Audience
Channel/Tools

Preparation

Stakeholder map, contact directory, draft messages

Exec, regulators, media

Email, secure comms, Slack

Detection

Initial internal alert, gather incident handlers

CISO, SOC, IT Ops

PagerDuty, Teams

Containment

Regular updates, incident classification

ExCo, affected departments

War Room, Internal Wiki

Recovery

Notify impacted users, service restoration ETA

Clients, partners, public

Website, social, CRM

Post

Publish root cause, lessons learnt, compliance statement

FCA, board, clients

Formal memo, reports

PreviousIT Continuity Testing (SP 800-84)NextIntegration with Incident Management

Last updated