72
InformatIon SecurIty PolIcy DeveloPment for comPlIance
CP-2 CONTINGENCY PLAN
Control: e organization:
a. Dev
elops a contingency plan for the information system that:
•
Ide
nties essential missions and business functions and
associated contingency requirements;
•
Pro
vides recovery objectives, restoration priorities, and
metrics;
•
Add
resses contingency roles, responsibilities, and assigned
individuals with contact information;
•
Add
resses maintaining essential missions and business
functions despite an information system disruption, com-
promise, or failure;
•
Add
resses eventual full information system restoration
without deterioration of the security measures originally
planned and implemented; and
•
Is r
eviewed and approved ...