Does your organization use business impact assessments and system categorization records to prioritize the restoration of essential services during recovery operations?
Explanation
This question assesses recovery prioritization: whether you use business impact assessments and system categorization records to decide which essential services are restored first during recovery.
By using business impact assessments and system categorization records, organizations can ensure that the most critical services are restored first, minimizing business disruption and financial impact.
This approach helps align IT recovery efforts with actual business priorities rather than technical considerations alone.
Evidence could include a documented service restoration priority matrix that maps essential services to their business impact levels, recovery time objectives (RTOs), and recovery point objectives (RPOs). This matrix should demonstrate clear alignment between business impact assessments and the sequence in which systems are restored during recovery operations.
Implementation Example
Use business impact and system categorization records (including service delivery objectives) to validate that essential services are restored in the appropriate order.
ID: RC.RP-04.351
Context
- Function
  - RC: RECOVER
- Category
  - RC.RP: Incident Recovery Plan Execution
- Sub-Category
  - Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms
Related questions
- Has your organization established documented procedures to initiate recovery processes during or immediately following security incident response?
- Have all personnel with recovery responsibilities been formally trained on the recovery plans and their specific authorization levels?
- Has your organization defined criteria for selecting recovery actions during incident response, and are these criteria followed when responding to security incidents?
- Does your organization have a process to reassess and update recovery plans based on changes in organizational needs and available resources?
- Does your organization verify restoration assets for integrity issues and indicators of compromise before using them in recovery operations?
- Does your organization have a documented process for verifying successful system restoration and confirming the return to normal operations after an incident or outage?

