The organisation collaborates with external entities to contribute to the development and implementation of cybersecurity standards, guidelines, leading practices, lessons learned, and emerging technologies
Context and Guidance: In addition to maintaining awareness of any industry cybersecurity standards that the organisation is obligated to comply with (such as the North American Energy Reliability Corporation Critical Infrastructure Protection standard), the organisation should assign responsibility to selected personnel to contribute to industry efforts to develop cybersecurity practices or guidelines. For example, the Payment Card Industry practices were developed by stakeholders in the credit card industry for voluntary implementation.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: PROGRAM-2f, PROGRAM-2j.