You identified the point of contact, or POC, within your organization that is the liaison to one or more external stakeholders. Why must the POC consult with the appropriate internal stakeholder (legal, media relations, HR, and others) before speaking with the external stakeholder?
- The internal stakeholder is ultimately responsible for security breaches.
- The internal stakeholder can provide guidance on releasing sensitive information to the external stakeholder.
- The POC cannot identify external stakeholders or their responsibilities.
- The POC must speak only with an external stakeholder.
| Explanation & Hint:
The reason the POC must consult with the appropriate internal stakeholder (such as legal, media relations, HR, and others) before speaking with an external stakeholder is that: The internal stakeholder can provide guidance on releasing sensitive information to the external stakeholder. Internal stakeholders, particularly legal, media relations, and HR, can offer expertise and guidance on how to handle communications with external stakeholders, including what information can or should be disclosed, how to frame the message, and what legal or regulatory considerations need to be taken into account. They help ensure that the organization’s communication is consistent, compliant, and protective of its interests. |