NHS DSPT: Protecting Against Cyber Attacks and Data Breaches - B5 Resilient Networks and Systems
Key Point:
You must be prepared to restore your organisation’s essential functions following an adverse incident.
Overview:
This outcome focuses on ensuring that your organisation is well-prepared to recover and maintain the operation of essential functions during and after an incident. Key steps involve identifying critical systems and understanding their interdependencies.
How to Meet the Requirement:
Understand which information, networks, and systems are critical to the operation of your essential functions. Prioritise systems based on their business importance, identify the dependencies between them, and establish the order in which they should be restored. Incorporate threat intelligence sources into your preparations to stay informed about emerging risks and how they might impact your recovery strategies.
Ensure you have robust business continuity and disaster recovery plans that account for potential disruptions and outline clear steps for restoring services.
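The prioritisation and dependency step above can be turned into a concrete restore sequence. The following is an added example, not part of the original guidance: it orders systems so that every dependency is restored before the systems that rely on it, with the most business-critical chains first. The system names, priorities and dependencies are constructed for illustration.

```python
import heapq

# Constructed sample register: name -> (business priority, depends_on); 1 = most critical.
SYSTEMS = {
    "patient-records": (1, ["database", "identity"]),
    "e-prescribing":   (1, ["patient-records", "identity"]),
    "database":        (2, ["storage", "network-core"]),
    "identity":        (2, ["network-core", "dns"]),
    "dns":             (3, ["network-core"]),
    "storage":         (3, ["network-core"]),
    "network-core":    (3, []),
    "staff-intranet":  (4, ["identity"]),
}

def effective_priority(systems):
    """A dependency inherits the most urgent priority of anything that needs it."""
    eff = {name: prio for name, (prio, _) in systems.items()}
    changed = True
    while changed:  # repeat until priorities stop propagating down the chains
        changed = False
        for name, (_, deps) in systems.items():
            for dep in deps:
                if eff[name] < eff[dep]:
                    eff[dep] = eff[name]
                    changed = True
    return eff

def restore_order(systems):
    """Dependencies first, most urgent first; ties are broken alphabetically."""
    unknown = {d for _, deps in systems.values() for d in deps} - systems.keys()
    if unknown:
        raise ValueError(f"undocumented dependencies: {sorted(unknown)}")
    eff = effective_priority(systems)
    waiting = {name: set(deps) for name, (_, deps) in systems.items()}
    ready = [(eff[n], n) for n, deps in waiting.items() if not deps]
    heapq.heapify(ready)
    order = []
    while ready:
        _, name = heapq.heappop(ready)
        order.append(name)
        for other, deps in waiting.items():
            if name in deps:
                deps.remove(name)
                if not deps:  # all prerequisites restored
                    heapq.heappush(ready, (eff[other], other))
    if len(order) != len(systems):
        stuck = sorted(set(systems) - set(order))
        raise ValueError(f"circular dependency among: {stuck}")
    return order
```

A dependency that is missing from the register, or a circular dependency, raises an error rather than producing a plan, since either one means the dependency documentation needs correcting before it can be relied on in a recovery.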
Evidence to Provide:
Submit evidence such as:
- Business continuity and disaster recovery plans
- Risk registers
- Information asset and flows register or scoping documentation
- Sources of threat intelligence
Your evidence should demonstrate a clear understanding of critical systems, dependencies, and your ability to recover from incidents.
Indicators of Good Practice:
- You know all systems necessary for restoring essential functions, including their dependencies.
- You integrate real-time threat intelligence to update recovery strategies.
B5.b Design for Resilience
Key Point:
Design your organisation’s networks and systems to be resilient to cyber security incidents, minimising single points of failure.
Overview:
This outcome focuses on ensuring that your systems are designed to withstand potential cyber security incidents, including addressing single points of failure, network segregation, and resource limitations.
How to Meet the Requirement:
Identify and document single points of failure that could disrupt your essential functions and develop improvement plans to address them. Implement network segmentation to separate critical systems from enterprise systems, placing critical assets in a highly secure zone. Consider geographical constraints to ensure that critical systems are not all in one location, preventing system-wide failures in case of a localised event.
Evidence to Provide:
Submit documents such as:
- Network diagrams and segregation strategies
- Risk registers and improvement plans
- Dependency assessments
- Policies for network security and design
Your evidence should show that your network is designed with resilience in mind, reducing the impact of incidents.
Indicators of Good Practice:
- You’ve eliminated or mitigated single points of failure through documented improvement plans.
- Critical systems are segregated from other business systems.
B5.c Backups
Key Point:
Maintain current, accessible, and secure backups of data needed to restore your essential functions.
Overview:
This outcome ensures your organisation maintains effective backup procedures to recover essential services in case of a disruption. It covers backup frequency, security, and testing to ensure data is recoverable when needed.
How to Meet the Requirement:
Establish a backup strategy for important data that considers the frequency of backups, recovery point objective (RPO), and recovery time objective (RTO). Follow best practices like the 3-2-1 rule (3 backups, on 2 devices, 1 offsite) and the offline rule (ensuring one or more backups are offline). Regularly test your backups to confirm they can restore essential functions, and document any issues found during testing along with the plan to address them.
Evidence to Provide:
Provide evidence such as:
- Backup policies and procedures
- Records of backup and testing activities
- Risk registers and improvement plans
Ensure your documentation proves that backups are tested, accessible, and secure to restore essential functions in the event of an incident.
Indicators of Good Practice:
- You follow best practices (such as the 3-2-1 rule) for secure backups.
- Backups are regularly tested, and results are documented with action plans.
At Periculo, we ensure your networks and systems are not only resilient to cyber threats but also designed for rapid recovery. From planning and designing secure systems to implementing robust backup solutions, we help you prepare for the unexpected. Contact us today to fortify your organisation's resilience!