Difference between contingency, recovery and response plans?
Assign topic to the user
ISO 22301 nor ISO 27001 do not prescribe the structure of business continuity plan, but usually the plans are structured as follows:
- Business Continuity Plan is only a top-level document describing some general activities
- Incident Response Plans are the plans where responses to particular incidents is described
- Recovery Plans (for each activity) describe how each activity is to be recovered from a disruption
And yes, the format for these 3 types of plans is often different. This article will also help you: Activation procedures for the business continuity plan https://advisera.com/27001academy/blog/2011/09/26/activation-procedures-for-business-continuity-plan/
As I described above, response plan is used for directly responding to an incident; regarding contingency and recovery plans, the ISO standards do not make a difference between them.
Comment as guest or Sign in
Jan 12, 2016