RS.MA-05.319

Has your organization established and documented criteria for determining when incident recovery processes should be initiated based on incident characteristics?

Explanation

This question assesses whether your organization has defined clear thresholds or decision points for activating recovery procedures following a security incident. These criteria should consider factors like incident severity, systems affected, data compromise, operational impact, and recovery resource requirements. Having predefined recovery criteria ensures consistent decision-making during incidents and prevents delays in recovery actions when needed. Evidence could include a documented incident response plan with a specific section on recovery criteria, decision matrices that map incident types/severity to recovery actions, or runbooks that outline the conditions triggering recovery processes.

Implementation Example

Apply incident recovery criteria to known and assumed characteristics of the incident to determine whether incident recovery processes should be initiated

ID: RS.MA-05.319

Context

Function
RS: RESPOND
Category
RS.MA: Incident Management
Sub-Category
The criteria for initiating incident recovery are applied

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron