Home » Functions » Identify (RC.IP) » RC.IP-2 Key Stakeholders and Responsibilities

Description

Organisations must identify key recovery stakeholders and agree their responsibilities with them. The three key stakeholders include:

1) Administrative recovery stakeholders – these are the people who will carry out the restoration and recovery activities when an incident occurs. E.g. Systems administrator, Database operators, shift leads, SOC analyst etc. It is extremely important that there is a mapping of two to three stakeholders per a critical asset identified.

2) Senior recovery stakeholders – these are Recovery and Incident Management Board that holds the authority to authorise and approve recovery and restoration exercise to commence. This stakeholder responsibilities must be clearly agreed prior, and must be named individuals and their delegates in the event that they are not available (See also RC.CC-2).

3) External recovery stakeholders – these are external people or supplier who may be relied upon to perform recovery, e.g. service provider, hosting supplier and/or incident recovery partner (see also RC.CI-6).

An up-to-date key stakeholder and their responsibilities register must exist and regularly updated, and these stakeholders must be present or contacted during recovery exercises.

Outcomes / Outputs

(Conduct / Fix / Ingest / List / Plan / Procure / Produce / Report / Review / Set / Test  / Train )

1. List of three key stakeholders: Administrative recovery stakeholders, Senior recovery stakeholders and External recovery stakeholders.

Reference