RC.RP-04.351
Does your organization use business impact assessments and system categorization records to prioritize the restoration of essential services during recovery operations?
Explanation
This question assesses whether your organization has a structured approach to service restoration based on business criticality during incidents or disasters. By using business impact assessments and system categorization records, organizations can ensure that the most critical services are restored first, minimizing business disruption and financial impact. This approach helps align IT recovery efforts with actual business priorities rather than technical considerations alone. Evidence could include a documented service restoration priority matrix that maps essential services to their business impact levels, recovery time objectives (RTOs), and recovery point objectives (RPOs). This matrix should demonstrate clear alignment between business impact assessments and the sequence in which systems are restored during recovery operations.
Implementation Example
Use business impact and system categorization records (including service delivery objectives) to validate that essential services are restored in the appropriate order
ID: RC.RP-04.351
Context
- Function
- RC: RECOVER
- Category
- RC.RP: Incident Recovery Plan Execution
- Sub-Category
- Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms
