RC.RP-02.348

Has your organization defined criteria for selecting recovery actions during incident response, and are these criteria followed when responding to security incidents?

Explanation

This question assesses whether your organization has established clear guidelines for determining appropriate recovery actions during security incidents and consistently applies these guidelines when incidents occur. Having predefined criteria helps ensure that recovery efforts are systematic, prioritized correctly, and aligned with business needs rather than being ad hoc or inconsistent. Evidence could include a documented incident response plan with a section on recovery action selection criteria, decision matrices that map incident types to appropriate recovery actions, or post-incident reports showing how recovery decisions were made based on established criteria.

Implementation Example

Select recovery actions based on the criteria defined in the incident response plan and available resources

ID: RC.RP-02.348

Context

Function: RC: RECOVER
Category: RC.RP: Incident Recovery Plan Execution
Sub-Category: Recovery actions are selected, scoped, prioritized, and performed

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub