Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Relationship between Contingency Plan, MTD, and RTO?

Hi everyone,

Is the Contingency Plan enacted as part of the RTO process so as to restore the system before the MTD is reached, or is the Contingency Plan enacted to restore the system if the outage exceeds the MTD?


Does anyone else find the CP template on the NIST web site contradictory where it says in


Section 1.2 Scope:

Procedures in this ISCP are for moderate-impact systems and designed to recover {system name} within {RTO hours}. 


and Section 1.3 Assumptions:

  • The {system name} is inoperable at the {organization name} and cannot be recovered within {RTO hours}.

Appreciate any feedback.


1 Reply
Community Champion

Further down it clarifies a little more: 


Activation and Notification Phase – Activation of the ISCP occurs after a disruption or outage that may
reasonably extend beyond the RTO established for a system.


So after it goes past your RTO (Expected), you're on the MTD timeframe (Required). I'd look at this as while I'm still well within the RTO stage, I'd make the determination to activate the ISCP. The ISCP could be wipe and restore the system while also spinning up a virtual image in the cloud from a backup that meets RPO standards. The great thing about NIST is that if it doesn't make sense to your org, you can change it to meet your standards.


I look at the NIST ISCP plan as a system recovery plan IMHO. When I think of CP, I think of this system will not be back up in time to meet MTD and I need to have another system ready to take it's place until it can be recovered.