The organization plans and coordinates security-related activities affecting the information system with [organization-defined individuals or groups] before conducting such activities in order to reduce the impact on other organizational entities.
Supplemental
Security-related activities include, for example, security assessments, audits, hardware and software maintenance, patch management, and contingency plan testing. Advance planning and coordination includes emergency and nonemergency (i.e., planned or nonurgent unplanned) situations. The process defined by organizations to plan and coordinate security-related activities can be included in security plans for information systems or other documents, as appropriate.