Continuity plans address IT, OT, and information assets that are important to the delivery of the function, including the availability of backup data and replacement, redundant, and spare IT and OT assets
Context and Guidance: Developers of continuity plans should leverage asset inventory and prioritisation information (ASSET-1 and ASSET-2 practices) to ensure that continuity plans cover all assets important to the delivery of the function. Details about backups and spares for those assets should be included in the plans, including virtualised asset backups and snapshots captured for recovery purposes. Organisations that are depending on the cloud as a backup location either for on-premise data or cloud data should consider the impact of a cloud event, incident, or vulnerability on the availability of backups.
Related Practices • Input From: Implementing ASSET-1a and ASSET-2a provides input that may be useful for implementing this practice. • Progression: This practice is part of multiple practice progressions. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in the first progression include: RESPONSE-4a, RESPONSE-4d, RESPONSE-4e, RESPONSE-4f, RESPONSE-4g, RESPONSE-4m, RESPONSE-4p. • The practices in the second progression include: RESPONSE-4b, RESPONSE-4f, RESPONSE-4j, RESPONSE-4k • The practices in the third progression include: RESPONSE-4c, RESPONSE-4f, RESPONSE-4l.