A plan that outlines an organisation's recovery strategy for how they are going to respond to a cyber security incident.