Generally Accepted System Security Principles

P-7 Timeliness Principle

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved


Public and private parties, at both national and international levels, should act in a timely, coordinated manner to prevent and to respond to breaches of the security of information systems.


Due to the interconnected and transborder nature of information systems and the potential for damage to systems to occur rapidly, organizations may need to act together swiftly to meet challenges to the security of information systems. In addition, international and many national bodies require organizations to respond in a timely manner to requests by individuals for corrections of privacy data. This principle recognizes the need for the public and private sectors to establish mechanisms and procedures for rapid and effective incident reporting, handling, and response.

This principle also recognizes the need for information security principles to use current, certifiable threat and vulnerability information when making risk decisions, and current certifiable safeguard implementation and availability information when making risk reduction decisions.

For example, an information system may also have a requirement for rapid and effective incident reporting, handling, and response. In an information system, this may take the form of time limits for reset and recovery after a failure or disaster. Each component of a continuity plan, continuity of operations plan, and disaster recovery plan should have timeliness as a criterion. These criteria should include provisions for the impact the event (e.g., disaster) may have on resource availability and the ability to respond in a timely manner.