Has your organization established and documented contingency plans for incident response, business continuity, and disaster recovery to address adverse events?
Explanation
Contingency plans are essential for organizations to effectively respond to and recover from security incidents, service disruptions, or disasters that could impact operations or expose sensitive data. These plans should include defined procedures for incident detection, response protocols, recovery strategies, and communication workflows to minimize downtime and data loss.
Evidence of fulfillment could include formal documentation of incident response plans, business continuity plans, and disaster recovery plans that are regularly reviewed and updated. These documents should contain clear roles and responsibilities, escalation procedures, recovery time objectives, and testing schedules.
Implementation Example
Establish contingency plans (e.g., incident response, business continuity, disaster recovery) for responding to and recovering from adverse events that can interfere with operations, expose confidential information, or otherwise endanger the organization's mission and viability.
ID: ID.IM-04.189
Context
- Function
  - ID: IDENTIFY
- Category
  - ID.IM: Improvement
- Sub-Category
  - Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved
Related questions
- Does your organization regularly conduct self-assessments of critical services that incorporate current threat intelligence and adversary tactics, techniques, and procedures (TTPs)?
- Has your organization conducted third-party assessments or independent audits of your cybersecurity program within the past 12 months?
- Does your organization utilize automated tools or systems to continuously evaluate compliance with your established cybersecurity requirements?
- Does your organization have a process to identify and implement improvements to incident response procedures based on findings from exercises, tests, and reviews?
- Does your organization have a formal process to identify and implement improvements to business continuity, disaster recovery, and incident response plans based on exercises conducted with critical service providers and suppliers?
- Does your organization involve internal stakeholders (such as senior executives, legal, and HR) in security tests and exercises?

