ELI5: What is a Communication Plan?
During an emergency, a communication plan says who calls who and what they are allowed to say. It is like the phone tree your school uses to tell parents about a snow day.
Definition
A communication plan defines the procedures, contacts, and messaging for notifying internal and external stakeholders during a security incident or crisis. Effective communication is critical during incidents to ensure the right people receive the right information at the right time, while avoiding premature or inaccurate public disclosures that could cause additional harm or legal liability.
Key Details
- Internal notifications: security team, IT, management, legal, HR (for insider threat incidents)
- External notifications: law enforcement (FBI, CISA), regulators (if required by compliance), affected customers
- Pre-drafted communication templates reduce delays during actual incidents
- Legal counsel should review all external communications before release
- Notification timelines vary by regulation: GDPR requires 72-hour notification to supervisory authorities
Connections
- Parent: incident-response — communication plan is a core component of incident response preparation
- See also: preparation