Disaster Recovery Plan and Crisis Management Plan
The exercise works best if you have a Disaster Recovery Plan (DRP) or a Crisis Management Plan (CMP) in place.
OT Disaster Recovery Plan (DRP)
A Disaster Recovery Plan, or DRP, is a comprehensive plan that covers full recovery of the OT network, including the industrial controllers, SCADA systems and other vital components. Recovery order, system dependencies, required resources and tools, reliable backups, tested procedures and validation processes are all required for a successful and fast recovery.
During the preparation of the OT Tabletop, we check whether this plan exists and is successfully implemented. If you do not have a Disaster Recovery Plan, Secura can provide support to review or create one, based on relevant controls specified in NIST CSF and IEC 62443-2-1 and matched to the current infrastructure.
OT Crisis Management Plan (CMP)
A Crisis Management Plan, or CMP, is all about managing the crisis on a company level, including decision-making and communication. Most organizations have a general plan, but they don’t always cover disasters caused by cyber and/or cyber incidents in OT.
During the Tabletop we will review the existing Crisis Management Plan. If needed, Secura can help you improve or create this plan.