In response to cybersecurity-related incidents, the US SEC has mandated that public companies take several actions, including cybersecurity disclosure. This mandate takes effect on December 18, 2023. Let’s look at how it affects companies’ stakeholders, technology teams, and corporate governance.
A key point for the quality and testing space is testing the response plan. A lot of thought needs to go into devising the plan, reviewing it, putting it in place for mock trials, and then iterating on it to improve it. The jobs of technologists, especially those specializing in security, are going to be important moving forward. Developers and testers need to adhere to the plan while developing and testing code. Corporate officers need to make sure that the plan is up to date and keep the board updated on the security plan.
Another important aspect is the insurance linked to security incidents. As I went through the salient points of the action plan, I found it interesting that many points are aligned with sharing, working with, and updating the insurance companies so that they are on the same page as the company when it comes to the insurance package and both sides clearly agree on what’s covered and the governance.
Government forms related to cybersecurity disclosure need to be filled out regularly. I hope this does not mean just checkmarks, and that sincere efforts are made to implement the plan.
Just last week, the ‘secure by design’ initiative was launched, and soon the disclosure mandate goes live. These are interesting times to live and work in, and let’s see how these shape up.