Plans
What it is
A Plan is a documented, organization-wide strategy that explains how a business operates in relation to a particular topic. For cyber security, a plan explains how a business protects its systems, data and operations from cyber threats and how it responds if an incident occurs.

Plans do not create new rules. Instead, they bring together existing policies and explain how those policies work together, who is responsible, and how the organization prepares for or responds to certain situations.
A plan is a coordination document. It helps people understand the big picture without repeating detailed rules or step-by-step instructions.
Why it exists
Some topics are too large or complex to understand through a single policy. Plans provide structure and coordination across multiple policies, teams, and activities so everyone understands how the organization approaches a given area.
What a plan usually includes
- Purpose and scope
- Roles and responsibilities
- Assumptions and boundaries
- References to related policies
- References to related processes and procedures
- High-level guidance (but not detailed instructions)
Plans are typically approved by leadership and updated over time.
Examples
- System Security Plan (SSP)
- Incident Response Plan
- Disaster Recovery Plan
- Business Continuity Plan
- IT Strategic Plan
- Audit Plan
How to use it
- Read a plan to understand how the organization approaches a topic overall
- Use a plan to find the relevant policies, processes, and procedures
- Use a plan during coordination-heavy activities such as incidents, audits, or planning efforts
Common confusion
Plan vs Policy
A policy states what is required or allowed and sets rules or principles.
A plan explains how objectives will be achieved in alignment with those rules.
Plan vs Process
A process is generally a repeatable sequence of activities that produces a consistent outcome.
A plan is the coordinated approach for achieving a specific goal, often using multiple processes.
Plan vs Procedure
A procedure gives step-by-step instructions.
A plan defines what needs to be done and in what order at a high level, often referencing procedures.