Appendix J: Communications Plan - Template
Healthcare and Public Health Sector Cybersecurity Framework Implementation Guide
|
Vehicle Target |
Communication Vehicle | Purpose/Content | Intended Audience | Details | Frequency | Strategy | Responsible Party |
|---|---|---|---|---|---|---|---|
|
All
Audiences |
Corporate-wide E-mail |
Framework Announcement Updates
|
All | Once |
Enterprise-wide | ||
| Web-based Collaborative Platform | Open repository for all project materials, including Processes, workflows, templates, newsletters, contact lists, presentations, and Information Security materials | All employees interested in learning about Information Security Processes | Monitor for updates | Enterprise-wide and targeted | |||
| Security Training | Information Security Awareness Training | All identified personnel |
As
scheduled
|
Initial/Annually |
Targeted | ||
| Security Bulletins | Newsletter announcing successes, activities, items of interest, etc. to be posted to the Portal | All personnel |
As
scheduled
|
Ongoing | Corporate-wide and targeted | ||
| Leadership Team | One-on-One meetings/ conversations | Two-way exchange on Information Security Initiatives, benefits, and progress (high-level) | Leadership Team | Ongoing | Periodic | Targeted |
Executive Sponsor |
| Customers | Press Release | Press Release announcing any applicable Information Security announcements | All | As Applicable | Once | Internal/ External audiences | Communications Team |
| Security Assessment Participants | Templates | Templates used for Documents | All users | Ongoing | As Needed | Corporate-wide and targeted | Security Officer |
| Lessons Learned | Meeting for participants after delivery of critical milestones to discuss what went well, what could have gone better, and what to do differently next time | Assessment Participants | ASAP | As needed |
Corporate-wide and targeted |
Security Officer | |
| Post Assessment Reviews | Reviews of assessment outcomes | Assessment Participants | Assessment schedule | As scheduled | Targeted |
Security Officer | |
| E-mail Distribution List | Distribution Lists for targeted communications to be updated frequently and stored on the portal | Assessment Participants | Immediately | Ongoing |
Targeted | Security Officer
|
|
| SharePoint or Another Repository Platform | Repository for working documents | Targeted | Ongoing | Periodic | Targeted | Security Officer
|
|
| Corrective/ Preventive Notification | Notification of service improvement activities (corrective/preventive/non-conformance actions), progress, and status | Assessment Participants | Ongoing | Ongoing | Targeted | Security Officer | |
| Team Meetings | Forum to share knowledge, status, and to promote coordination | Assessment Participants | Ongoing | As needed | Targeted | Security Officer |