Appendix J: Communications Plan - Template
Healthcare and Public Health Sector Cybersecurity Framework Implementation Guide
| Vehicle Target | Communication Vehicle | Purpose/Content | Intended Audience | Details | Frequency | Strategy | Responsible Party |
|---|---|---|---|---|---|---|---|
| All Audiences | Corporate-wide E-mail | Framework Announcement Updates | All | Once | Enterprise-wide | ||
| Web-based Collaborative Platform | Open repository for all project materials, including Processes, workflows, templates, newsletters, contact lists, presentations, and Information Security materials | All employees interested in learning about Information Security Processes | Monitor for updates | Enterprise-wide and targeted | |||
| Security Training | Information Security Awareness Training | All identified personnel | As scheduled | Initial/Annually | Targeted | ||
| Security Bulletins | Newsletter announcing successes, activities, items of interest, etc. to be posted to the Portal | All personnel | As scheduled | Ongoing | Corporate-wide and targeted | ||
| Leadership Team | One-on-One meetings/ conversations | Two-way exchange on Information Security Initiatives, benefits, and progress (high-level) | Leadership Team | Ongoing | Periodic | Targeted | Executive Sponsor |
| Customers | Press Release | Press Release announcing any applicable Information Security announcements | All | As Applicable | Once | Internal/ External audiences | Communications Team |
| Security Assessment Participants | Templates | Templates used for Documents | All users | Ongoing | As Needed | Corporate-wide and targeted | Security Officer |
| Lessons Learned | Meeting for participants after delivery of critical milestones to discuss what went well, what could have gone better, and what to do differently next time | Assessment Participants | ASAP | As needed | Corporate-wide and targeted | Security Officer | |
| Post Assessment Reviews | Reviews of assessment outcomes | Assessment Participants | Assessment schedule | As scheduled | Targeted | Security Officer | |
| E-mail Distribution List | Distribution Lists for targeted communications to be updated frequently and stored on the portal | Assessment Participants | Immediately | Ongoing | Targeted | Security Officer | |
| SharePoint or Another Repository Platform | Repository for working documents | Targeted | Ongoing | Periodic | Targeted | Security Officer | |
| Corrective/ Preventive Notification | Notification of service improvement activities (corrective/preventive/non-conformance actions), progress, and status | Assessment Participants | Ongoing | Ongoing | Targeted | Security Officer | |
| Team Meetings | Forum to share knowledge, status, and to promote coordination | Assessment Participants | Ongoing | As needed | Targeted | Security Officer |