Stablecoin issuers must ensure that critical cyber security incidents detected are escalated to an incident response team, management and the Board, in accordance with the licensee’s business continuity plan and crisis management plan, and that an appropriate response is implemented promptly. Also refer to Paragraph SIO-9.6.61 for the requirement to report to the CBB.