Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >C2M2
  3. >Event And Incident Response, Continuity Of Operations
  4. >Event And Incident Response, Continuity Of Operations - Objective 4
  5. >C2M2-RESPONSE-4B
C2M2-RESPONSE-4BActive

Data backups are available and tested, at least in an ad hoc manner

Statement

Data backups are available and tested, at least in an ad hoc manner

Location

Domain
Event and Incident Response, Continuity of Operations
Objective
Event and Incident Response, Continuity of Operations - Objective 4

Practice Details

Identifier
C2M2-RESPONSE-4B
Domain
Event and Incident Response, Continuity of Operations
Objective
Objective 4
Maturity Level
MIL-1

Help Text

This practice is fundamental to restoring operations in the event of data loss or hardware failure. The organization makes accessible, at least in an ad hoc manner, backups of information assets. When identifying information assets to be backed up, organizations should consider data that resides on different types of IT and OT assets, such as virtualized assets, regulated assets, cloud assets, Bring Your Own Device (BYOD) assets, assets managed by a third party, field assets, and mobile assets. Testing is performed for backups to help ensure they are viable and available when needed. Strategies for performing and managing backups should be based on risk to the function or the organization. This practice initiates a progression of practices that continue in MIL2 and are focused on data backups. Backups of information assets may include: · operational data · set points · configuration files · storage locations · copies of important configuration baselines, golden images, hard disk images, and virtual machine images Backup procedures typically include: · frequency standards · retention periods · authorized storage locations and methods · encryption and protection requirements; testing standards

Related Practices · Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RESPONSE-4b, RESPONSE-4f, RESPONSE-4j, RESPONSE-4k.

AESCSF
AESCSF-RESPONSE-4bequivalentvia derived-shared-practice-structure
View in graphReport an issue
← Back to Event and Incident Response, Continuity of Operations - Objective 4
Event and Incident Response, Continuity of Operations - Objective 416 controls
C2M2-RESPONSE-4AContinuity plans are developed to sustain and restore operation of the function if a cybersecurity event or incident occurs, at least in an ad hoc mannerC2M2-RESPONSE-4BData backups are available and tested, at least in an ad hoc mannerC2M2-RESPONSE-4CIT and OT assets requiring spares are identified, at least in an ad hoc mannerC2M2-RESPONSE-4DContinuity plans address potential impacts from cybersecurity incidentsC2M2-RESPONSE-4EThe assets and activities necessary to sustain minimum operations of the function are identified and documented in continuity plansC2M2-RESPONSE-4FContinuity plans address IT, OT, and information assets that are important to the delivery of the function, including the availability of backup data and replacement, redundant, and spare IT and OT assetsC2M2-RESPONSE-4GRecovery time objectives (RTOs) and recovery point objectives (RPOs) for assets that are important to the delivery of the function are incorporated into continuity plansC2M2-RESPONSE-4HCybersecurity incident criteria that trigger the execution of continuity plans are established and communicated to incident response and continuity management personnelC2M2-RESPONSE-4IContinuity plans are tested through evaluations and exercises periodically and according to defined triggers, such as system changes and external eventsC2M2-RESPONSE-4JCybersecurity controls protecting backup data are equivalent to or more rigorous than controls protecting source dataC2M2-RESPONSE-4KData backups are logically or physically separated from source dataC2M2-RESPONSE-4LSpares for selected IT and OT assets are availableC2M2-RESPONSE-4MContinuity plans are aligned with identified risks and the organization’s threat profile (THREAT-2e) to ensure coverage of identified risk categories and threatsC2M2-RESPONSE-4NContinuity plan exercises address higher priority risksC2M2-RESPONSE-4OThe results of continuity plan testing or activation are compared to recovery objectives, and plans are improved accordinglyC2M2-RESPONSE-4PContinuity plans are periodically reviewed and updated