This domain covers the processes and plans you have in place to ensure a quick recovery if a failure occurs.
Answer yes if your organisation has a documented Incident Response Plan that has been reviewed in the last year. Please provide the Incident Response Plan (as a PDF file) as evidence.
Answer yes if your organisation's Incident Response Plan contains a section for classifying information security events. Please reference the section of any previously provided plan in the notes.
Answer yes if your organisation's Incident Response Plan contains an assessment of impact to legal and regulatory compliance. Please reference the section of any previously provided plan in the notes.
Answer yes if your organisation's Incident Response Plan contains a section defining roles and responsibilities in an information security event. Please reference the section of any previously provided plan in the notes.
Answer yes if your organisation's Incident Response Plan contains a section for alternative communication methods. Please reference the section of any previously provided plan in the notes.
Answer yes if your organisation has a cyber incident response capability that it can call upon in the event of an incident. This can be an in-house capability or provided by a third party or cyber insurance provider.
Answer yes if your organisation has a documented process for reporting information security incidents, or suspected information security incidents (this is typically via an IT helpdesk). Please describe the process in the notes, or provide a process document (as a PDF file) as evidence.
Answer yes if your organisation has a documented process for reporting information security breaches to all affected clients within 72 hours of the breach being discovered. Please describe the process in the notes, or provide a process document (as a PDF file) as evidence.
Answer yes if your organisation completes a root cause analysis for all security incidents that are reported, and implements any lessons learnt after each analysis has been completed. Please provide a template root cause analysis document (as a PDF file) as evidence.
Answer yes if your organisation has a documented business continuity plan that has been reviewed and approved by senior management in the last year. Please provide the Business Continuity Plan (as a PDF file) as evidence.
Answer yes if your organisation has assessed the potential business-disruptive risks and used this assessment to inform your Business Continuity Plan. This process may involve conducting a Business Impact Analysis (BIA) for certain scenarios. Please provide the business continuity risk summary as evidence or reference a section of a previously provided document in the notes section.
Answer yes if your organisation's Business Continuity Plan includes the required steps to back up and restore the data used by your organisation for day-to-day operations and the data your clients may have transferred to you for processing, including the outcomes of that processing. This may include defining and agreeing the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for certain services.
Answer yes if your organisation's Business Continuity Plan includes the required steps to continue business operations from an alternate location if the normal business location is inaccessible.
Answer yes if your organisation's Business Continuity Plan includes information describing the maintenance of security controls in the event of a disaster.
Answer yes if your organisation runs rehearsals of its Business Continuity and Disaster Recovery plans at least annually involving all parties, including senior operational leaders. Please provide a report (as a PDF file) that details the last two tests to take place. In the notes section, please describe the nature of the exercises (e.g. desktop exercises, partial or whole practical/technical service restoration and recovery) and who was involved. Please also describe the outcome of the rehearsals, e.g. plans have been updated and re-issued with all material findings addressed.