An effective organizational structure should include personnel with the appropriate responsibilities, authority, and expertise to anticipate, manage, and reduce disruptions. ICT continuity actions, including “respond and recover” instructions, should be continually reviewed through exercises and tests and approved. Examples of procedures to prepare for ICT readiness include auditing tools, penetration testing, interface testing, testing the organization’s backups, restoration testing, and uptime and downtime monitoring for key information assets.