THE EDELMAN DATA SECURITY AUDIT TOOL

As data security incidents continue to impact companies around the world, being prepared to effectively
communicate at a moments notice is more important
than ever. To help companies understand their current
level of preparedness and improve communications
during a data security incident, Edelman has developed
a proprietary Data Security Audit tool. The new tool
evaluates key tenets of preparedness including coordination, planning, testing and readiness, and offers
insight and recommendations for improvement so companies are prepared to reach key stakeholders quickly
and effectively if theyre impacted by a data security
issue.

Following document review, the Edelman team will hold

interviews with key senior executives (e.g. IT, legal,
communications, risk and c-suite) and other applicable
stakeholders to discuss communications planning and
preparedness. Questions will focus on the teams
understanding of data breaches, level of coordination
with other cross-office teams, understanding of security media, and internal planning and preparation
processes. All documents and information gathered
during the interview would remain confidential and
would not be shared outside of the small Edelman team
working on the assessment.

The Assessment Process

Edelman will review a series of the companys existing
communications documents and conduct brief interviews with senior-level communications staff as well
as key stakeholders including legal counsel and IT
teams. The following documents will be reviewed for
the assessment (as available):
Crisis communications plans and protocols
Issue escalation plans and relevant internal issue
notification processes
Pre-drafted crisis and/or data breach statements
Mock data breach testing materials
Coverage monitoring reports

The Outcome
At the end of Edelmans assessment, the company will
receive an overall score of preparedness. The detailed
report card will also include:
Sub-scores assessing preparedness in
Communications Planning, Testing and Readiness,
and Communications Integration
An analysis of strengths and weaknesses across
these key areas
Recommendations for improving data breach
communication preparedness and actions the
company can take immediately to improve
preparedness

RESULTS
33
30
27
24
21
18
15
12
9
6
3
0

19 out of 33
30

19

Data Breach
Communications
Planning

Testing and
Readiness

Communications
Integration

METHODOLOGY

Includes an overview of the documents reviewed and

people interviewed. Ideally this would be:
General crisis comms plan
Data breach response plan (if available)
Interviews with the top one or two people in the
communications team and/or those in charge of crisis
comms/incident response.
These were evaluated using a proprietary Edelman tool to
measure how prepared an organization is to manage a data
breach. Three categories of preparedness were evaluated
using a standard set of questions and a point system to
measure preparedness. The Score Analysis section to the
right explains the scoring process and points to address.
Specic recommendations to increase [Companys] crisis
preparedness are included on the following pages.

edelman.com/expertise/data-security-privacy/

Communications Planning

[Communications Planning is an assessment of a companys preparedness to respond to

various types of data breaches. An overview should be provided on the strength and
weakness of a companys data breach comms planning and how prepared the company
is to handle crises generally and breaches, more specically. Recommendations should
be made on areas to address. This likely includes:]
Organization and details of current communications plan
Awareness of potential data breach threats and communications
Planning for communication across available channels
Protocols and statements for various audiences

8 out of 33

Testing and Readiness

[Testing and Readiness assesses if the data breach communications plan has been tested
and fosters e ective response to a data breach. An overview should be provided on the
strengths and weaknesses in this category as well as next steps. Likely steps include:]
Increase frequency of testing the data breach comms plan in a simulation
Need to include IT/Legal/Comms/outside groups in simulation
Need to monitor key media

30 out of 33

Communications Integration

[Communications Integration is an assessment of integration with communications, IT and

legal teams and others critical for e ectively responding to a data breach. An overview
should be provided on strength and weaknesses in this area, as well as specic areas to
address. This will likely include:]
Involve legal and IT teams in data breach comms planning
Media train a data breach spokesperson
Regularly share information between IT, comms and legal
@EdelmanDSP