I am interested in finding out if anyone has developed an incident report that you use when a third-party has reported to you that a cyberattack/data breach has hit their systems? Is there a checklist you use to ensure that they have communicated to your customers, have put the proper controls in place to ensure future attack doesn't happen, etc? With the Data Privacy laws, new CyberSecurity laws coming in place and more and more reports in the news, I'm curious on how others are handling the audit/monitoring/reporting of these type of events.
Thank You