Does your organization have a formal process to identify and implement improvements to business continuity, disaster recovery, and incident response plans based on exercises conducted with critical service providers and suppliers?
Explanation
This question concerns learning from resilience exercises: whether the organization systematically improves its business continuity, disaster recovery, and incident response plans based on tests run jointly with critical service providers and suppliers. Organizations should conduct joint exercises with critical vendors and suppliers, document the findings, assign each finding an owner, and implement the identified improvements so that response is actually coordinated during a real disruption rather than only on paper.
Evidence could include: post-exercise reports with documented improvement recommendations, meeting minutes from debriefing sessions with the third parties involved, updated business continuity or disaster recovery plans showing changes made as a result of exercise findings, or a formal improvement tracking system that records the implementation status of lessons learned from joint exercises. A list of lessons learned with no owners, due dates, or record of closure shows that exercises were held, not that a process exists to act on them; the strongest evidence traces a finding from the exercise report through the tracked action item to the revised plan, and ideally to a later exercise that confirmed the fix.
Implementation Example
Identify improvements for future business continuity, disaster recovery, and incident response activities based on exercises performed in coordination with critical service providers and product suppliers.
ID: ID.IM-02.181
Context
- Function: ID (IDENTIFY)
- Category: ID.IM (Improvement)
- Subcategory: ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties
Related questions
- Does your organization regularly conduct self-assessments of critical services that incorporate current threat intelligence and adversary tactics, techniques, and procedures (TTPs)?
- Has your organization conducted third-party assessments or independent audits of your cybersecurity program within the past 12 months?
- Does your organization utilize automated tools or systems to continuously evaluate compliance with your established cybersecurity requirements?
- Does your organization have a process to identify and implement improvements to incident response procedures based on findings from exercises, tests, and reviews?
- Does your organization involve internal stakeholders (such as senior executives, legal, and HR) in security tests and exercises?
- Does your organization conduct penetration testing on high-risk systems with leadership approval?