RC.RP-01.347

Have all personnel with recovery responsibilities been formally trained on the recovery plans and their specific authorization levels?

Explanation

This question assesses whether your organization has properly prepared staff who will be involved in disaster recovery or business continuity operations. Proper awareness ensures that during a crisis, personnel understand their roles, know what actions they're authorized to take, and can execute recovery procedures without delays or confusion. Evidence could include training records showing that recovery team members have been briefed on the plans, documentation of role-specific training sessions, signed acknowledgments from staff confirming their understanding of recovery responsibilities, or records of recovery simulation exercises where staff demonstrated their knowledge of the plans and authorization requirements.

Implementation Example

Make all individuals with recovery responsibilities aware of the plans for recovery and the authorizations required to implement each aspect of the plans

ID: RC.RP-01.347

Context

Function: RC: RECOVER
Category: RC.RP: Incident Recovery Plan Execution
Sub-Category: The recovery portion of the incident response plan is executed once initiated from the incident response process

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub