You can develop a business continuity plan for a ransomware event by using the Business Continuity Plan template, and related appendices. These templates are included in folder 10 ISO 22301 Core Business Continuity Documents.
The ransomware recovery plan is basically the same as a recovery plan for some other scenarios and you should use the Disaster Recovery Plan for that purpose.
Common practices to be considered for a business continuity plan for ransomware are:
- format and reinstall of affected servers
- recovering data from backups
Additionally, some preventive actions should be considered:
- Training and awareness sessions about ransomware, to be included in the Training and awareness plan, located in folder 10 Training and awareness
- Event monitoring, to be included in the Secure procedures for IT department, located in folder 9 Annex A Security controls
- Patch management, to be included in the Secure procedures for IT department, located in folder 9 Annex A Security controls
For further information, see: