Mechanisms exist to document, monitor and report the status of cybersecurity & data privacy incidents to internal stakeholders all the way through the resolution of the incident.
Does the organization document, monitor and report the status of cybersecurity & data privacy incidents to internal stakeholders all the way through the resolution of the incident?