This step lays out specific procedures to recover from each security breach and disaster scenario identified and described in the assessment step:
Who? Which employees have the prime and backup responsibility for implementing each specific recovery procedure?
Where? In what locations are spares, excess capacity, and backup systems stored or installed?
When? What determines implementing recovery for a security breach or disaster? Who makes the decision to implement the plan? How are customers and the public notified of what has happened and how they might be affected?
What? How is the plan documented and published so that all employees know exactly what to do in the event of a security breach or disaster? Copies of security and disaster recovery plans should exist in every location of a company, not just the headquarters and the IT department. The enterprise key personnel involved should have copies of the plans at home in the event that a disaster happens during non-working hours. How often is the plan reviewed and updated?
In the planning stage, the steps for reacting to a security breach or disaster are spelled out in precise detail so that everyone knows what to do in the event that such scenarios become reality.