PL-2(3) — Plan and Coordinate with Other Organizational Entities

Your security planning should be coordinated with other groups in your organization that have related responsibilities — IT operations, privacy, legal, HR, and physical security teams all need to be aligned.

Example 1: When developing or updating your SSP, circulate drafts to stakeholders: the privacy officer (for PII handling), HR (for personnel security), facilities (for physical security), and legal (for compliance requirements). Document their feedback and how it was incorporated.

Example 2: Establish a security planning review board that meets quarterly and includes representatives from IT, security, privacy, legal, and business operations. Use this forum to coordinate security plan updates, discuss new requirements, and resolve conflicts between operational needs and security controls.