Have all personnel with recovery responsibilities been formally trained on the recovery plans and their specific authorization levels?
Explanation
Recovery-team readiness is what's being verified: whether everyone with recovery duties has been formally trained on the recovery plans and their specific authorization levels. Proper awareness ensures that during a crisis, personnel understand their roles, know what actions they're authorized to take, and can execute recovery procedures without delays or confusion.
Evidence could include training records showing that recovery team members have been briefed on the plans, documentation of role-specific training sessions, signed acknowledgments from staff confirming their understanding of recovery responsibilities, or records of recovery simulation exercises where staff demonstrated their knowledge of the plans and authorization requirements.
Implementation Example
Make all individuals with recovery responsibilities aware of the plans for recovery and the authorizations required to implement each aspect of the plans
ID: RC.RP-01.347
Context
- Function
- RC: RECOVER
- Category
- RC.RP: Incident Recovery Plan Execution
- Sub-Category
- The recovery portion of the incident response plan is executed once initiated from the incident response process
Related questions
- Has your organization established documented procedures to initiate recovery processes during or immediately following security incident response?
- Has your organization defined criteria for selecting recovery actions during incident response, and are these criteria followed when responding to security incidents?
- Does your organization have a process to reassess and update recovery plans based on changes in organizational needs and available resources?
- Does your organization verify restoration assets for integrity issues and indicators of compromise before using them in recovery operations?
- Does your organization use business impact assessments and system categorization records to prioritize the restoration of essential services during recovery operations?
- Does your organization have a documented process for verifying successful system restoration and confirming the return to normal operations after an incident or outage?

