Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >C2M2
  3. >Event And Incident Response, Continuity Of Operations
  4. >Event And Incident Response, Continuity Of Operations - Objective 4
  5. >C2M2-RESPONSE-4A
C2M2-RESPONSE-4AActive

Continuity plans are developed to sustain and restore operation of the function if a cybersecurity event or incident occurs, at least in an ad hoc manner

Statement

Continuity plans are developed to sustain and restore operation of the function if a cybersecurity event or incident occurs, at least in an ad hoc manner

Location

Domain
Event and Incident Response, Continuity of Operations
Objective
Event and Incident Response, Continuity of Operations - Objective 4

Practice Details

Identifier
C2M2-RESPONSE-4A
Domain
Event and Incident Response, Continuity of Operations
Objective
Objective 4
Maturity Level
MIL-1

Help Text

Continuity plans contain descriptions of the actions the organization will take to sustain and restore operation of the function if a disruption occurs (such as failing over to redundant facilities or initiating manual procedures) and key roles that must be involved. They are generally focused on managing the organizational consequences of disruption based on a range of potential events that can cause disruption. Continuity plans address the most critical business functions of the organization to ensure they continue during different types of emergencies. Organizations may also consider how secure shutdown will be performed as part of continuity planning.

Related Practices · Input From: Implementing ARCHITECTURE-2j provides input that may be useful for implementing this practice. · Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RESPONSE-4a, RESPONSE-4d, RESPONSE-4e, RESPONSE-4f, RESPONSE-4g, RESPONSE-4m, RESPONSE-4p.

AESCSF
AESCSF-RESPONSE-4aequivalentvia derived-shared-practice-structure
View in graphReport an issue
← Back to Event and Incident Response, Continuity of Operations - Objective 4
Event and Incident Response, Continuity of Operations - Objective 416 controls
C2M2-RESPONSE-4AContinuity plans are developed to sustain and restore operation of the function if a cybersecurity event or incident occurs, at least in an ad hoc mannerC2M2-RESPONSE-4BData backups are available and tested, at least in an ad hoc mannerC2M2-RESPONSE-4CIT and OT assets requiring spares are identified, at least in an ad hoc mannerC2M2-RESPONSE-4DContinuity plans address potential impacts from cybersecurity incidentsC2M2-RESPONSE-4EThe assets and activities necessary to sustain minimum operations of the function are identified and documented in continuity plansC2M2-RESPONSE-4FContinuity plans address IT, OT, and information assets that are important to the delivery of the function, including the availability of backup data and replacement, redundant, and spare IT and OT assetsC2M2-RESPONSE-4GRecovery time objectives (RTOs) and recovery point objectives (RPOs) for assets that are important to the delivery of the function are incorporated into continuity plansC2M2-RESPONSE-4HCybersecurity incident criteria that trigger the execution of continuity plans are established and communicated to incident response and continuity management personnelC2M2-RESPONSE-4IContinuity plans are tested through evaluations and exercises periodically and according to defined triggers, such as system changes and external eventsC2M2-RESPONSE-4JCybersecurity controls protecting backup data are equivalent to or more rigorous than controls protecting source dataC2M2-RESPONSE-4KData backups are logically or physically separated from source dataC2M2-RESPONSE-4LSpares for selected IT and OT assets are availableC2M2-RESPONSE-4MContinuity plans are aligned with identified risks and the organization’s threat profile (THREAT-2e) to ensure coverage of identified risk categories and threatsC2M2-RESPONSE-4NContinuity plan exercises address higher priority risksC2M2-RESPONSE-4OThe results of continuity plan testing or activation are compared to recovery objectives, and plans are improved accordinglyC2M2-RESPONSE-4PContinuity plans are periodically reviewed and updated