Description
The organization reviews the contingency plan for the information system [Assignment: organization-defined frequency, at least annually] and revises the plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing.
Supplemental Guidance
Organizational changes include changes in mission, functions, or business processes supported by the information system. The organization communicates changes to appropriate organizational elements responsible for related plans (e.g., Business Continuity Plan, Disaster Recovery Plan, Continuity of Operations Plan, Business Recovery Plan, Incident Response Plan, Emergency Action Plan).
Enhancements
(0) None.
Compliance Mappings
ISO 27002:2022
5.29
COBIT 2019
DSS04
MAS TRM
8
BSI IT-Grundschutz
DER.4
ANSSI
Hygiene.35, Hygiene.36, SecNumCloud.18.1
FINMA Circular 2023/1
IV.E(87), IV.F(98), IV.F(99)
OSFI B-13
B-13.2.6
EU GDPR
Art.32(1)(c), Art.32(1)(d)
EU DORA
Art.11(6)
BIO2
5.29
FISC Security Guidelines
FISC.O5
HKMA TM-E-1
TME1.6.3
CBB TM
TM-14
Qatar NIA
BC
EBA ICT Guidelines
3.7.4
SEBI CSCRF
BCP-DR
FCA SYSC 13
SYSC 13.8.1
ISO 27799
17.1
ISO 17799 (legacy)
14.1.3, 14.1.5
COBIT 4.1 (legacy)
DS4.4