ID.IM-04.189

Has your organization established and documented contingency plans for incident response, business continuity, and disaster recovery to address adverse events?

Explanation

Contingency plans are essential for organizations to effectively respond to and recover from security incidents, service disruptions, or disasters that could impact operations or expose sensitive data. These plans should include defined procedures for incident detection, response protocols, recovery strategies, and communication workflows to minimize downtime and data loss. Evidence of fulfillment could include formal documentation of incident response plans, business continuity plans, and disaster recovery plans that are regularly reviewed and updated. These documents should contain clear roles and responsibilities, escalation procedures, recovery time objectives, and testing schedules.

Implementation Example

Establish contingency plans (e.g., incident response, business continuity, disaster recovery) for responding to and recovering from adverse events that can interfere with operations, expose confidential information, or otherwise endanger the organization's mission and viability

ID: ID.IM-04.189

Context

Function
ID: IDENTIFY
Category
ID.IM: Improvement
Sub-Category
Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron