Does your organization have a process to reassess and update recovery plans based on changes in organizational needs and available resources?
Explanation
This item asks whether you keep recovery plans current by reassessing and updating them as organizational needs and available resources change. As an organization evolves, its recovery requirements and capabilities change, which calls for updates to recovery time objectives, recovery point objectives, and recovery strategies.
Evidence could include documented review cycles of recovery plans, meeting minutes from recovery plan reassessment sessions, change logs showing updates to recovery plans based on resource changes, or formal reports comparing current organizational needs against existing recovery capabilities.
Implementation Example
Change planned recovery actions based on a reassessment of organizational needs and resources
ID: RC.RP-02.349
Context
- Function
  - RC: RECOVER
- Category
  - RC.RP: Incident Recovery Plan Execution
- Sub-Category
  - Recovery actions are selected, scoped, prioritized, and performed
Related questions
- Has your organization established documented procedures to initiate recovery processes during or immediately following security incident response?
- Have all personnel with recovery responsibilities been formally trained on the recovery plans and their specific authorization levels?
- Has your organization defined criteria for selecting recovery actions during incident response, and are these criteria followed when responding to security incidents?
- Does your organization verify restoration assets for integrity issues and indicators of compromise before using them in recovery operations?
- Does your organization use business impact assessments and system categorization records to prioritize the restoration of essential services during recovery operations?
- Does your organization have a documented process for verifying successful system restoration and confirming the return to normal operations after an incident or outage?

