Jatkuvuus-, toipumis- ja viestintäsuunnitelmia päivitetään harjoitusten tai toteutuneiden häiriötilanteiden perusteella
Lisätiedot: näyttö päivityksestä
The organization should regularly, at least annually, test and review its information security continuity plans to ensure that they are valid and effective in adverse situations.
Testing of continuity plans shall involve, as appropriate, stakeholders critical to each plan. The organisation should identify and document the necessary contacts with suppliers and partners.
In addition, the adequacy of continuity plans and associated management mechanisms should be reassessed in the event of significant changes in operations.
The knowledge gained from analyzing and resolving security incidents should be used to reduce the likelihood of future incidents and their impact.
The organization regularly analyzes incidents as a whole. This process examines the type, amount and cost of incidents with the aim of identifying recurrent and significant incidents that need more action.
If recurrent incidents requiring response are identified, based on them: