Evaluate your current ICT disaster recovery plan against the requirements outlined in the standard. Identify what is missing (e.g., lack of supply chain risk planning, outdated RTO targets).
Conduct routine drills, ranging from tabletop exercises to full failover tests, to validate that your ICT systems perform as expected during a crisis.