CP-5 — Contingency Plan Update

This control was incorporated into CP-2. It required that your contingency plan be reviewed and updated regularly to reflect changes in your environment, lessons learned, and new threats.

Example 1: After every contingency plan test or real incident, conduct a lessons learned session and update the plan to address any gaps or procedural issues discovered.

Example 2: Review your contingency plan whenever significant system changes occur — like migrating to a new cloud platform or adding a new critical business application.