Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >C2M2
  3. >Event And Incident Response, Continuity Of Operations
  4. >Event And Incident Response, Continuity Of Operations - Objective 4
  5. >C2M2-RESPONSE-4D
C2M2-RESPONSE-4DActive

Continuity plans address potential impacts from cybersecurity incidents

Statement

Continuity plans address potential impacts from cybersecurity incidents

Location

Domain
Event and Incident Response, Continuity of Operations
Objective
Event and Incident Response, Continuity of Operations - Objective 4

Practice Details

Identifier
C2M2-RESPONSE-4D
Domain
Event and Incident Response, Continuity of Operations
Objective
Objective 4
Maturity Level
MIL-2

Help Text

Continuity plans address the most critical business functions of the organization to ensure they continue during different types of emergencies. Therefore, to help ensure that continuity plans cover all the actions that need to be taken when certain types of cyber incidents occur, identify types of incidents that might realistically happen to your organization and cause significant disruption. Sources of information may include threat profile information, past incidents, current attack trends, vulnerability information, and cybersecurity alerts. Analysis techniques such as research, brainstorming, subject matter expert interview, and threat modeling may then be applied to identify the likely impacts of those incidents. Impact descriptions should name specific assets that would be affected by each type of incident. Develop as many continuity plans as needed to describe the actions that would need to be taken to deal with potential impacts and sustain operations during the disruption.

Related Practices · Input From: Implementing RISK-3c provides input that may be useful for implementing this practice. · Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RESPONSE-4a, RESPONSE-4d, RESPONSE-4e, RESPONSE-4f, RESPONSE-4g, RESPONSE-4m, RESPONSE-4p.

AESCSF
AESCSF-RESPONSE-4dequivalentvia derived-shared-practice-structure
View in graphReport an issue
← Back to Event and Incident Response, Continuity of Operations - Objective 4
Event and Incident Response, Continuity of Operations - Objective 416 controls
C2M2-RESPONSE-4AContinuity plans are developed to sustain and restore operation of the function if a cybersecurity event or incident occurs, at least in an ad hoc mannerC2M2-RESPONSE-4BData backups are available and tested, at least in an ad hoc mannerC2M2-RESPONSE-4CIT and OT assets requiring spares are identified, at least in an ad hoc mannerC2M2-RESPONSE-4DContinuity plans address potential impacts from cybersecurity incidentsC2M2-RESPONSE-4EThe assets and activities necessary to sustain minimum operations of the function are identified and documented in continuity plansC2M2-RESPONSE-4FContinuity plans address IT, OT, and information assets that are important to the delivery of the function, including the availability of backup data and replacement, redundant, and spare IT and OT assetsC2M2-RESPONSE-4GRecovery time objectives (RTOs) and recovery point objectives (RPOs) for assets that are important to the delivery of the function are incorporated into continuity plansC2M2-RESPONSE-4HCybersecurity incident criteria that trigger the execution of continuity plans are established and communicated to incident response and continuity management personnelC2M2-RESPONSE-4IContinuity plans are tested through evaluations and exercises periodically and according to defined triggers, such as system changes and external eventsC2M2-RESPONSE-4JCybersecurity controls protecting backup data are equivalent to or more rigorous than controls protecting source dataC2M2-RESPONSE-4KData backups are logically or physically separated from source dataC2M2-RESPONSE-4LSpares for selected IT and OT assets are availableC2M2-RESPONSE-4MContinuity plans are aligned with identified risks and the organization’s threat profile (THREAT-2e) to ensure coverage of identified risk categories and threatsC2M2-RESPONSE-4NContinuity plan exercises address higher priority risksC2M2-RESPONSE-4OThe results of continuity plan testing or activation are compared to recovery objectives, and plans are improved accordinglyC2M2-RESPONSE-4PContinuity plans are periodically reviewed and updated