An incident may involve regulated personal data. Who should be engaged early to determine notification obligations, and if the primary audience for the report is the SOC manager, which content choice is most appropriate?
Engage legal, privacy, and compliance stakeholders early, because notification decisions depend on applicable law, contract terms, data type, jurisdiction, and timing. The report should be tuned to the SOC manager's operational needs while preserving factual accuracy.
Why this answer
When an incident involves regulated personal data (e.g., PII, PHI, or data protected under GDPR), legal, privacy, and compliance stakeholders must be engaged early to determine notification obligations. These stakeholders interpret breach notification requirements (such as the HIPAA Breach Notification Rule, GDPR, or CCPA) and advise on required timelines, affected parties, and regulatory reporting. Timelines can be short (GDPR Article 33, for example, requires notifying the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a breach), so the clock may already be running while the SOC is still scoping the incident. The SOC manager needs this input to ensure the incident response plan aligns with legal mandates, not just technical containment.
Exam trap
Cisco often tests the misconception that technical teams (e.g., vulnerability scanner vendors) or non-IT departments (e.g., facilities) are responsible for legal compliance decisions. In fact, only legal, privacy, and compliance stakeholders have the authority and expertise to determine notification obligations; technical teams supply the facts (what data, how much, when, and how it was exposed) that those stakeholders need to make the call.
How to eliminate wrong answers
Option A is wrong because the facilities manager handles physical security and building access, not data privacy regulations or breach notification laws. Option B is wrong because the vulnerability scanner vendor provides technical scanning tools but has neither the authority nor the expertise to determine legal notification obligations for regulated data. Option C is wrong because the graphic design team creates visual assets and has no role in incident response or in compliance decisions about personal data breaches.