Content library
Continuity management
Regular testing and review of continuity plans
Risk management and leadership
Continuity management

Regular testing and review of continuity plans

Start free trial

Task description

Regular testing and review of continuity plans

The organization should regularly, at least annually, test and review its information security continuity plans to ensure that they are valid and effective in adverse situations.

Testing of continuity plans shall involve, as appropriate, stakeholders critical to each plan. The organisation should identify and document the necessary contacts with suppliers and partners.

In addition, the adequacy of continuity plans and associated management mechanisms should be reassessed in the event of significant changes in operations.

Requirements connected to the task

11.5: Test Data Recovery
CIS 18 controls
14.5.4): Veiklos tęstinumą
Kibernetinio Saugumo Įstatymas (Lithuania)
17.1.3: Verify, review and evaluate information security continuity
ISO 27001 (2013): Full
21.2.c: Business continuity and backups
NIS2 Directive
30 § 3.3°: La continuité et la gestion des crises
La loi NIS2 (Belgique)
33: Häiriötilanteiden suunnitelmien kouluttaminen henkilöstölle
Digital security overview
36: Häiriötilanteiden säännöllinen harjoittelu
Digital security overview
37: Suunnitelmien päivittäminen kokemusten pohjalta
Digital security overview
4.1.6: Test and rehearse the plans regularly so that they are established
NSM ICT Security Principles (Norway)
5.2.8: IT service continuity planning
TISAX: Information security

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Notifying the system provider of deviations from data system requirements
Critical
High
Normal
Low
Continuity management
1
requirements

Examples of other requirements this task affects

6.2b: Häiriöiden hallinta ja menettelyt ongelmatilanteissa
Tietoturvasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Notifying the system provider of deviations from data system requirements
Preparation of contingency plans based on risk assessments
Critical
High
Normal
Low
Continuity management
2
requirements

Examples of other requirements this task affects

13 a §: Häiriötilanteista tiedottaminen ja varautuminen häiriötilanteisiin
TiHL
2.7: Varautuminen häiriötilanteisiin
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Preparation of contingency plans based on risk assessments
Creating and documenting continuity plans
Critical
High
Normal
Low
Continuity management
40
requirements

Examples of other requirements this task affects

Članak 30.1.c: Kontinuitet poslovanja
NIS2 Croatia
2.7: Varautuminen häiriötilanteisiin
TiHL tietoturvavaatimukset
9.10 §: Varmuuskopiointi ja jatkuvuuden hallinta
Kyberturvallisuuslaki
5.2.8: IT service continuity planning
TISAX
1.6.3: Crisis preparedness
TISAX
See all related requirements and other information from tasks own page.
Go to >
Creating and documenting continuity plans
Conducting digital operational resilience testing
Critical
High
Normal
Low
Continuity management
1
requirements

Examples of other requirements this task affects

Article 24: General requirements for the performance of digital operational resilience testing
DORA
See all related requirements and other information from tasks own page.
Go to >
Conducting digital operational resilience testing
Process for checking integrity of data after an incident
Critical
High
Normal
Low
Continuity management
2
requirements

Examples of other requirements this task affects

Article 12: Backup policies and procedures, restoration and recovery procedures and methods
DORA
RC.RP-05: Integrity of restored assets is verified, systems and services
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Process for checking integrity of data after an incident
Ensuring the reliability of data systems
Critical
High
Normal
Low
Continuity management
6
requirements

Examples of other requirements this task affects

6.2a: Jatkuvuuden hallinta
Tietoturvasuunnitelma
Article 7: ICT systems, protocols and tools
DORA
Article 9b: Prevention
DORA
4.1: Tietojärjestelmien tietoturvallisuus
TiHL tietoturvavaatimukset
RC.RP-1: Recovery plan is executed during or after a cybersecurity incident.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Ensuring the reliability of data systems
Regular testing and review of continuity plans
Critical
High
Normal
Low
Continuity management
37
requirements

Examples of other requirements this task affects

Članak 30.1.c: Kontinuitet poslovanja
NIS2 Croatia
9.10 §: Varmuuskopiointi ja jatkuvuuden hallinta
Kyberturvallisuuslaki
5.2.8: IT service continuity planning
TISAX
30 § 3.3°: La continuité et la gestion des crises
NIS2 Belgium
4.1.6: Test and rehearse the plans regularly so that they are established
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Regular testing and review of continuity plans
Addressing disasters in continuity planning
Critical
High
Normal
Low
Continuity management
11
requirements

Examples of other requirements this task affects

1.6.3: Crisis preparedness
TISAX
30 § 3.3°: La continuité et la gestion des crises
NIS2 Belgium
RC.RP-1: Recovery plan is executed during or after a cybersecurity incident.
CyberFundamentals
PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed.
CyberFundamentals
14.5.4): Veiklos tęstinumą
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Addressing disasters in continuity planning
Considering cyber security breaches in continuity planning
Critical
High
Normal
Low
Continuity management
10
requirements

Examples of other requirements this task affects

PR.IP-9: Response and recovery plans
NIST
RS.MI-2: Incident mitigation
NIST
RC.RP-1: Recovery plan
NIST
RC.RP: Recovery Planning
NIST
2.7: Varautuminen häiriötilanteisiin
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Considering cyber security breaches in continuity planning
Testing and reviewing continuity plans related to cyber security breaches
Critical
High
Normal
Low
Continuity management
9
requirements

Examples of other requirements this task affects

PR.IP-10: Response and recovery plan tests
NIST
RS.IM-2: Response strategies update
NIST
RC.IM-2: Recovery strategies
NIST
Article 11: Response and recovery
DORA
2.7: Varautuminen häiriötilanteisiin
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Testing and reviewing continuity plans related to cyber security breaches
Developing an incident response plan for critical information systems
Critical
High
Normal
Low
Continuity management
14
requirements

Examples of other requirements this task affects

RS.RP: Response Planning
NIST
RS.RP-1: Incident response plan
NIST
HAL-17: Tietojärjestelmien toiminnallinen käytettävyys ja vikasietoisuus
Julkri
VAR-09: Tietojärjestelmien toipumissuunnitelmat
Julkri
CC7.4: Responding to identified security incidents
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Developing an incident response plan for critical information systems
Communication in accordance with the incident response plan in the event of a incident
Critical
High
Normal
Low
Continuity management
16
requirements

Examples of other requirements this task affects

RS.CO-3: Information sharing
NIST
32: Viestintäsuunnitelma häiriö- ja kriisitilanteisiin
Digiturvan kokonaiskuvapalvelu
RESPONSE-3: Respond to Cybersecurity Incidents
C2M2
Article 14: Communication
DORA
Article 17: ICT-related incident management process
DORA
See all related requirements and other information from tasks own page.
Go to >
Communication in accordance with the incident response plan in the event of a incident
Executing an incident response plan with stakeholders
Critical
High
Normal
Low
Continuity management
4
requirements

Examples of other requirements this task affects

RS.CO-4: Coordination with stakeholders
NIST
RS.RP-1: Response plan is executed during or after an incident.
CyberFundamentals
RS.CO-4: Coordination with stakeholders occurs consistent with response plans.
CyberFundamentals
RS.MA-01: Incident response plan execution
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Executing an incident response plan with stakeholders
Palveluntarjoajien siirtojen huomiointi jatkuvuussuunnitelmissa
Critical
High
Normal
Low
Continuity management
1
requirements

Examples of other requirements this task affects

VAR-02.1: Jatkuvuusvaatimusten määrittely - palveluiden siirrot
Julkri
See all related requirements and other information from tasks own page.
Go to >
Palveluntarjoajien siirtojen huomiointi jatkuvuussuunnitelmissa
Continuity of critical tasks in exceptional situations
Critical
High
Normal
Low
Continuity management
5
requirements

Examples of other requirements this task affects

VAR-05: Henkilöstön saatavuus ja varajärjestelyt
Julkri
Article 11: Response and recovery
DORA
2.7: Varautuminen häiriötilanteisiin
TiHL tietoturvavaatimukset
1.6.3: Crisis preparedness
TISAX
Article 39: Components of the ICT business continuity plan
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Continuity of critical tasks in exceptional situations
Palveluriippuvuuksien huomiointi vikasietoisuuden suunnittelussa
Critical
High
Normal
Low
Continuity management
1
requirements

Examples of other requirements this task affects

VAR-08.1: Vikasietoisuus - riippuvuudet
Julkri
See all related requirements and other information from tasks own page.
Go to >
Palveluriippuvuuksien huomiointi vikasietoisuuden suunnittelussa
Identifying and testing the continuity capabilities required from ICT services
Critical
High
Normal
Low
Continuity management
10
requirements

Examples of other requirements this task affects

5.30: ICT readiness for business continuity
ISO 27001
6.2a: Jatkuvuuden hallinta
Tietoturvasuunnitelma
Article 11: Response and recovery
DORA
Article 12: Backup policies and procedures, restoration and recovery procedures and methods
DORA
5.2.8: IT service continuity planning
TISAX
See all related requirements and other information from tasks own page.
Go to >
Identifying and testing the continuity capabilities required from ICT services
Ensuring and testing the resilience of data processing environment
Critical
High
Normal
Low
Continuity management
5
requirements

Examples of other requirements this task affects

8.14: Redundancy of information processing facilities
ISO 27001
4.3: Vikasietoisuuden ja toiminnallisen käytettävyyden testaus
TiHL tietoturvavaatimukset
ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations).
CyberFundamentals
2.2.7: Establish a robust and resilient ICT architecture
NSM ICT-SP
PR.IR-03: Meeting resilience requirements
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Ensuring and testing the resilience of data processing environment
Identifying critical functions and related assets
Critical
High
Normal
Low
Continuity management
16
requirements

Examples of other requirements this task affects

26: Kriittisten toimintojen tunnistaminen
Digiturvan kokonaiskuvapalvelu
72: Organisaation kriittisten palveluiden tunnistaminen
Digiturvan kokonaiskuvapalvelu
73: Kriittisten palveluiden riippuvuudet palvelutoimittajista
Digiturvan kokonaiskuvapalvelu
ASSET-1: Manage IT and OT Asset Inventory
C2M2
6.2a: Jatkuvuuden hallinta
Tietoturvasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Identifying critical functions and related assets
Ensuring coverage of critical scenarios and aspects in continuity plans
Critical
High
Normal
Low
Continuity management
2
requirements

Examples of other requirements this task affects

5.2.8: IT service continuity planning
TISAX
Article 39: Components of the ICT business continuity plan
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Ensuring coverage of critical scenarios and aspects in continuity plans
Establishing a crisis management team and process
Critical
High
Normal
Low
Continuity management
4
requirements

Examples of other requirements this task affects

1.6.3: Crisis preparedness
TISAX
4.3.2: Determine whether the incident is under control and take the necessary reactive measures
NSM ICT-SP
RC.RP-02: Recovery actions
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Establishing a crisis management team and process
Requirements about information security continuity
Critical
High
Normal
Low
Continuity management
7
requirements

Examples of other requirements this task affects

17.1.1: Planning information security continuity
ISO 27001
VAR-02: Jatkuvuusvaatimusten määrittely
Julkri
5.29: Information security during disruption
ISO 27001
24: Jatkuvuudenhallinnan kuvaus
Digiturvan kokonaiskuvapalvelu
RC.RP-04: Critical mission functions and cybersecurity risk management
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Requirements about information security continuity
Defining the organization's continuity strategy
Critical
High
Normal
Low
Continuity management
8
requirements

Examples of other requirements this task affects

VAR-03: Jatkuvuussuunnitelmat
Julkri
24: Jatkuvuudenhallinnan kuvaus
Digiturvan kokonaiskuvapalvelu
Article 11: Response and recovery
DORA
5.2.8: IT service continuity planning
TISAX
28.(1): Kiberriska pārvaldības un nepārtrauktības plāni
NIS2 Latvia
See all related requirements and other information from tasks own page.
Go to >
Defining the organization's continuity strategy
Communication to stakeholders on continuity plans
Critical
High
Normal
Low
Continuity management
18
requirements

Examples of other requirements this task affects

Članak 30.1.c: Kontinuitet poslovanja
NIS2 Croatia
9.10 §: Varmuuskopiointi ja jatkuvuuden hallinta
Kyberturvallisuuslaki
30 § 3.3°: La continuité et la gestion des crises
NIS2 Belgium
RC.CO-2: Reputation is repaired after an incident.
CyberFundamentals
14.5.4): Veiklos tęstinumą
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Communication to stakeholders on continuity plans
Communicating recovery measures to stakeholders
Critical
High
Normal
Low
Continuity management
6
requirements

Examples of other requirements this task affects

RC.CO-3: Recovery actions
NIST
Article 14: Communication
DORA
RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams
CyberFundamentals
4.2.3: Inform relevant stakeholders
NSM ICT-SP
RC.CO-03: Recovery activities and progress communication to stakeholders
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Communicating recovery measures to stakeholders
Staff awareness of continuity plans
Critical
High
Normal
Low
Continuity management
2
requirements

Examples of other requirements this task affects

VAR-04: Resurssit ja osaaminen
Julkri
1.6.3: Crisis preparedness
TISAX
See all related requirements and other information from tasks own page.
Go to >
Staff awareness of continuity plans
Continuous improvement of continuation plans
Critical
High
Normal
Low
Continuity management
10
requirements

Examples of other requirements this task affects

CC7.5: Recovery from security incidents
SOC 2
Article 11: Response and recovery
DORA
RS.IM-2: Response and Recovery strategies are updated.
CyberFundamentals
RS.IM-1: Response plans incorporate lessons learned.
CyberFundamentals
RC.IM-1: Recovery plans incorporate lessons learned.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Continuous improvement of continuation plans

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security