RC.CO-1: Recovery Public Relations Management
RC.CO-1 requires organizations to establish and manage public relations strategies during recovery operations following a cybersecurity incident. Effective public relations management protects your organization's reputation, maintains stakeholder trust, and ensures consistent messaging across all communications channels during critical recovery phases.
What this means
Recovery public relations management means having documented processes and designated personnel to handle all external communications when your organization is recovering from a cybersecurity incident. This control ensures that your messaging is coordinated, accurate, and timely—preventing misinformation, managing stakeholder expectations, and protecting your brand reputation during a vulnerable period. It includes defining who speaks publicly, what messages are approved, and how different audiences (customers, regulators, employees, media) receive information.
How to comply
- 1.Develop a recovery communications plan that identifies spokespersons, communication channels, and message templates for different incident scenarios
- 2.Establish a communications team with clear roles, authority levels, and escalation procedures for approving public statements
- 3.Create pre-approved messaging frameworks that address common stakeholder concerns while maintaining legal and regulatory compliance
- 4.Document procedures for coordinating with legal, PR, regulatory, and technical teams before releasing any public information
- 5.Define timelines for initial acknowledgment, updates, and final communications to prevent communication gaps during recovery
- 6.Test your recovery communications plan during tabletop exercises and post-incident reviews to identify improvement areas
- 7.Maintain records of all public communications issued during recovery for audit and compliance documentation
Evidence auditors look for
- Recovery communications plan document with defined roles, responsibilities, and approval workflows
- List of pre-designated internal and external spokespersons with contact information and authority levels
- Message templates and talking points for different incident severity levels and stakeholder groups
- Communication timeline and escalation procedures integrated into your incident response plan
- Records of past incident communications and stakeholder outreach activities
- Training records demonstrating that team members understand their communications responsibilities
- Post-incident reviews documenting how communications were handled and lessons learned
Frequently asked questions
When will FAQs be available?
The FAQ for this control is currently being prepared.
GRCWatch streamlines recovery communications compliance by centralizing your approved messaging templates, communication approval workflows, and stakeholder contact lists—so your team can execute your PR plan without hunting through documents during a critical incident.
See how GRCWatch handles this control automatically
Start free trial