6. Coordination and communication
Across the life cycle of a cyber incident, organisations coordinate with their trusted stakeholders to maintain good cyber situational awareness and enhance the cyber resilience of the ecosystem in which they operate. During a cyber incident, organisations communicate with an agreed frequency, granularity and language appropriate to each stakeholder group, in order to engage and promote their CIRR activities. Close coordination with relevant internal and external stakeholders (see Box 2), including authorities, throughout the CIRR life cycle enables timely communication of progress and outcomes of the CIRR activities. Collective actions can be taken by stakeholders throughout their supply chain or orchestrated in their ecosystem.
36. Timely escalation. Organisations escalate cyber incidents to relevant stakeholders within the organisation based on the agreed severity assessment framework to avoid delays in addressing the incident. Timely escalation to the organisations' decision-makers is essential for the acceleration of CIRR actions, which include seeking approval and authorisation to implement response and recovery plans. Organisations also agree with third-party service providers to provide timely escalation wherever relevant through the SLAs. Organisations maintain the accuracy and integrity of information during this process and avoid hierarchical smoothing of risk as it traverses levels of seniority and functional or organisational boundaries.