RM-3.1.4
Senior management, and where appropriate, the boards, should receive comprehensive reports covering cyber security issues such as the following:
a. Key Risk Indicators/Key Performance Indicators;
b. Status reports on overall cyber security control maturity levels;
c. Status of staff Information Security awareness;
d. Updates on latest internal or relevant external cyber security incidents; and
e. Results from penetration testing exercises.
Added: January 2022