IR-8(1) - Incident Response Plan | Breaches

Include the following in the Incident Response Plan for breaches involving personally identifiable information: (a) A process to determine if notice to individuals or other organizations, including oversight organizations, is needed; (b) An assessment process to determine the extent of the harm, embarrassment, inconvenience, or unfairness to affected individuals and any mechanisms to mitigate such harms; and (c) Identification of applicable privacy requirements.

Informational References

ID: IR-8(1)
Enhancement of : IR-8
Created: 2023/05/08
Last Modified: 2023/05/08

Countermeasures Covered by Control

ID Name Description

Space Threats Tagged by Control

ID Description

Sample Requirements


Related SPARTA Techniques and Sub-Techniques

ID Name Description