Description
The organization develops and implements a contingency plan for the information system addressing contingency roles, responsibilities, assigned individuals with contact information, and activities associated with restoring the system after a disruption or failure. Designated officials within the organization review and approve the contingency plan and distribute copies of the plan to key contingency personnel.\n
Supplemental Guidance
None.\n
Changes from Rev 4
Develop and document a map of system data actions, addressing the sharing of contingency information and noting the system operations that process personally identifiable information; incorporate lessons learned into contingency planning tests and training
Enhancements
\n
Compliance Mappings
ISO 27002:2022
5.295.30
COBIT 2019
DSS04.01DSS04.02DSS04.03DSS04.04DSS04.05DSS04.06DSS04.07DSS04.08
CIS Controls v8
1111.1
NIST CSF 2.0
GV.SC-08ID.IM-04PR.IR-02PR.IR-03RCRC.RPRC.RP-02RC.RP-04RS.MA-05
SOC 2 TSC
A1.2A1.2-POF1A1.2-POF10A1.2-POF11A1.2-POF2A1.2-POF3A1.2-POF4A1.2-POF5A1.2-POF6CC7.4-POF5CC7.5CC7.5-POF1CC7.5-POF2CC7.5-POF4CC7.5-POF5CC8.1-POF15CC9.1CC9.1-POF1CC9.1-POF2
ISO 17799 (legacy)
10.3.210.4.110.8.514.1.314.1.4
COBIT 4.1 (legacy)
DS4.2