Content library
CyberFundamentals (Belgium)
RC.RP-1: Recovery plan is executed during or after a cybersecurity incident.

How to fill the requirement

CyberFundamentals (Belgium)

RC.RP-1: Recovery plan is executed during or after a cybersecurity incident.

Task name
Priority
Status
Theme
Policy
Other requirements
Creating and documenting continuity plans
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
requirements

Task is fulfilling also these other security requirements

T05: Jatkuvuuden hallinta
Katakri
17.1.2: Implementing information security continuity
ISO27 Full
​​​​​​​ID.SC-5: Response and recovery
NIST
PR.IP-9: Response and recovery plans
NIST
RC.RP-1: Recovery plan
NIST
1. Task description

Sometimes an unexpected event, such as a fire, flood, or equipment failure, can cause downtime. In order to be able to continue operations as quickly and smoothly as possible, continuity planning is carried out, i.e. planning the operations in advance for these exceptional situations.

Each continuity plan shall contain at least the following information:

  • Event for which the plan has been made
  • Goal for recovery time
  • Responsible persons and related stakeholders and contact information
  • Planned immediate actions
  • Planned recovery steps
Communication in accordance with the incident response plan in the event of a incident
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
requirements

Task is fulfilling also these other security requirements

RS.CO-3: Information sharing
NIST
32: Viestintäsuunnitelma häiriö- ja kriisitilanteisiin
Sec overview
RESPONSE-3: Respond to Cybersecurity Incidents
C2M2: MIL1
Article 14: Communication
DORA
Article 17: ICT-related incident management process
DORA
1. Task description

In the event of an incident , communication with internal and external stakeholders must be in accordance with the incident response plan.

Developing an incident response plan for critical information systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
requirements

Task is fulfilling also these other security requirements

RS.RP: Response Planning
NIST
RS.RP-1: Incident response plan
NIST
HAL-17: Tietojärjestelmien toiminnallinen käytettävyys ja vikasietoisuus
Julkri
VAR-09: Tietojärjestelmien toipumissuunnitelmat
Julkri
CC7.4: Responding to identified security incidents
SOC 2
1. Task description

The organization shall establish a incident response plan for security incidents to critical information systems. Response plans should also be tested by the necessary organizational elements. The plan should take into account at least:

  • The purpose of the information system and the precautions to be taken in the event of its disruption
  • Recovery plans, targets, and priorities for the order of recovery of assets
  • The role of implementing the response plans and the contact details of the persons assigned to the roles
  •  Continuation of normal operations regardless of the state of the information systems.
  • Distribution, approval and review of response plans

In addition, the plan should at least:

  • Establish a roadmap for developing disruption management capacity
  • Describe the structure and organization of incident management capability
  • Provides metrics to measure incident management capability
Considering cyber security breaches in continuity planning
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
requirements

Task is fulfilling also these other security requirements

PR.IP-9: Response and recovery plans
NIST
RS.MI-2: Incident mitigation
NIST
RC.RP-1: Recovery plan
NIST
RC.RP: Recovery Planning
NIST
2.7: Varautuminen häiriötilanteisiin
TiHL: Tietoturva
1. Task description

The organization must document in advance procedures for responding to security breaches to ensure the actions of related departments, customers, and other critical partners in the event of a security breach.

Addressing disasters in continuity planning
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
requirements

Task is fulfilling also these other security requirements

PR.IP-9: Response and recovery plans
NIST
Article 11: Response and recovery
DORA
1.6.3: Crisis preparedness
TISAX
RC.RP-1: Recovery plan is executed during or after a cybersecurity incident.
CyFun
PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed.
CyFun
1. Task description

The organization has to include disaster recovery in their continuity planning. Relevant disasters for the planning are natural disasters (e.g floods, earthquake, hurricanes) and human caused disasters (e.g terror attack, chemical attack/incident, insider attack).

In disaster planning there is greater emphasis on the returning operations to normal levels safely than in continuity planning. After this focus moves to resuming normal operations.

The continuity plans must be updated at least annually or after significant changes.

Ensuring the reliability of data systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
requirements

Task is fulfilling also these other security requirements

6.2a: Jatkuvuuden hallinta
Tietoturvasuunnitelma
Article 7: ICT systems, protocols and tools
DORA
Article 9: Prevention
DORA
4.1: Tietojärjestelmien tietoturvallisuus
TiHL: Tietoturva
RC.RP-1: Recovery plan is executed during or after a cybersecurity incident.
CyFun
1. Task description

To ensure the reliability of the systems, the following measures should be taken:

  • Duplication of the systems
  • Planned temporary solutions in case of problem situations
  • Spare parts available
  • Using special components
  • Active monitoring
  • Active maintenance activities

Maintenance, updating and possible renewal of information systems, devices and networks should be planned with the necessary component and software updates to be implemented before possible failures. When examining the criticality of components, the perspective of customer and patient safety should be taken into account.

No items found.