Content library
CyberFundamentals (Belgium)
PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed.

Requirement description

Incident response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) shall be established, maintained, approved, and tested to determine the effectiveness of the plans, and the readiness to execute the plans.
Guidance
- The incident response plan is the documentation of a predetermined set of instructions or
procedures to detect, respond to, and limit consequences of a malicious cyber-attack.
- Plans should incorporate recovery objectives, restoration priorities, metrics, contingency roles,
personnel assignments and contact information.
- Maintaining essential functions despite system disruption, and the eventual restoration of the
organization’s systems, should be addressed.
- Consider defining incident types, resources and management support needed to effectively maintain
and mature the incident response and contingency capabilities.

The organization shall coordinate the development and the testing of incident response
plans and recovery plans with stakeholders responsible for related plans.
Guidance
Related plans include, for example, Business Continuity Plans, Disaster Recovery Plans, Continuity of
Operations Plans, Crisis Communications Plans, Critical Infrastructure Plans, Cyber incident response
plans, and Occupant Emergency Plans.

How to fill the requirement

CyberFundamentals (Belgium)

PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed.

Task name
Priority
Status
Theme
Policy
Other requirements
Creating and documenting continuity plans
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
40
requirements

Examples of other requirements this task affects

Članak 30.1.c: Kontinuitet poslovanja
NIS2 Croatia
2.7: Varautuminen häiriötilanteisiin
TiHL tietoturvavaatimukset
9.10 §: Varmuuskopiointi ja jatkuvuuden hallinta
Kyberturvallisuuslaki
5.2.8: IT service continuity planning
TISAX
1.6.3: Crisis preparedness
TISAX
See all related requirements and other information from tasks own page.
Go to >
Creating and documenting continuity plans
1. Task description

Sometimes an unexpected event, such as a fire, flood, or equipment failure, can cause downtime. In order to be able to continue operations as quickly and smoothly as possible, continuity planning is carried out, i.e. planning the operations in advance for these exceptional situations.

Each continuity plan shall contain at least the following information:

  • Event for which the plan has been made
  • Goal for recovery time
  • Responsible persons and related stakeholders and contact information
  • Planned immediate actions
  • Planned recovery steps
Regular testing and review of continuity plans
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
37
requirements

Examples of other requirements this task affects

Članak 30.1.c: Kontinuitet poslovanja
NIS2 Croatia
9.10 §: Varmuuskopiointi ja jatkuvuuden hallinta
Kyberturvallisuuslaki
5.2.8: IT service continuity planning
TISAX
30 § 3.3°: La continuité et la gestion des crises
NIS2 Belgium
4.1.6: Test and rehearse the plans regularly so that they are established
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Regular testing and review of continuity plans
1. Task description

The organization should regularly, at least annually, test and review its information security continuity plans to ensure that they are valid and effective in adverse situations.

Testing of continuity plans shall involve, as appropriate, stakeholders critical to each plan. The organisation should identify and document the necessary contacts with suppliers and partners.

In addition, the adequacy of continuity plans and associated management mechanisms should be reassessed in the event of significant changes in operations.

Addressing disasters in continuity planning
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
11
requirements

Examples of other requirements this task affects

1.6.3: Crisis preparedness
TISAX
30 § 3.3°: La continuité et la gestion des crises
NIS2 Belgium
RC.RP-1: Recovery plan is executed during or after a cybersecurity incident.
CyberFundamentals
PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed.
CyberFundamentals
14.5.4): Veiklos tęstinumą
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Addressing disasters in continuity planning
1. Task description

The organization has to include disaster recovery in their continuity planning. Relevant disasters for the planning are natural disasters (e.g floods, earthquake, hurricanes) and human caused disasters (e.g terror attack, chemical attack/incident, insider attack).

In disaster planning there is greater emphasis on the returning operations to normal levels safely than in continuity planning. After this focus moves to resuming normal operations.

The continuity plans must be updated at least annually or after significant changes.

Considering cyber security breaches in continuity planning
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
10
requirements

Examples of other requirements this task affects

PR.IP-9: Response and recovery plans
NIST
RS.MI-2: Incident mitigation
NIST
RC.RP-1: Recovery plan
NIST
RC.RP: Recovery Planning
NIST
2.7: Varautuminen häiriötilanteisiin
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Considering cyber security breaches in continuity planning
1. Task description

The organization must document in advance procedures for responding to security breaches to ensure the actions of related departments, customers, and other critical partners in the event of a security breach.

Tasks included in the policy

Task name
Priority
Status
Theme
Policy
Other requirements
No items found.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.