Develop a Denial of Service Response Plan
Create and maintain a plan to handle service disruptions for video calls and IP telephony.
Plain language
Imagine you're having a team video call or trying to make a phone call over the internet, and suddenly, it's impossible because of a problem blocking the service. This control ensures that you have a plan to quickly and effectively handle such disruptions so your business can continue running smoothly and not lose valuable time or client trust.
Framework
ASD Information Security Manual (ISM)
Control effect
Proactive
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for communications systems
Official control statement
A denial of service response plan for video conferencing and IP telephony services is developed, implemented and maintained.
Why it matters
Without a DoS response plan, attacks can disrupt video conferencing and IP telephony, preventing calls/meetings and delaying incident coordination.
Operational notes
Exercise the DoS plan for VTC/SIP outages, including ISP/provider escalation, traffic filtering/rate-limits, failover routing, and comms to users.
Implementation tips
- The IT manager should work with team leads to develop a response plan targeting video conferencing and IP telephony disruptions. Start by identifying critical communication systems and brainstorming potential issues that could cause downtime, like internet outages or software glitches.
- Schedule regular training sessions: The IT team should hold workshops for staff on how to recognise when a service issue might be happening and who to notify. Use real-world scenarios to practise response steps, ensuring everyone knows their role in the plan.
- Create a clear communication protocol: The IT manager needs to set up a notification system that updates all employees when downtime occurs. This can be achieved by setting up group emails or a messaging platform to provide timely information and updates.
- Assign specific roles: Assign team members to handle different tasks during a service outage, ensuring that everyone knows their specific responsibility. Write down these roles and tasks in a document or shared online folder accessible to the team.
- Conduct regular testing: IT staff should perform scheduled simulations to test the response plan's effectiveness. This can include mock scenarios where services are deliberately disrupted, ensuring the team can respond quickly and make any necessary adjustments to the plan.
Audit / evidence tips
- Ask for the written summary of the denial of service response plan: Request the current document that details the procedures for dealing with video conferencing and IP telephony disruptions.
  Good: shows clear, actionable steps for all involved parties and regularly updated contact details.
- Ask to see training records: Request a log or documentation of training sessions conducted with staff on handling service disruptions.
- Good: displays efficient use of communication tools to keep all staff informed.
- Ask to view files or reports documenting the testing of the response plan. Inspect whether these reports detail the scenarios tested, results, and any improvements made.
  Good: provides evidence of regular testing and a commitment to refining the response approach.
- Good: has detailed descriptions and names easily understood by reviewing parties.
Cross-framework mappings
How ISM-1019 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (2) | | |
| Annex A 5.24 | ISM-1019 requires a maintained DoS response plan for specific services to handle availability disruptions | |
| Annex A 5.30 | ISM-1019 requires a documented and maintained DoS response plan for video conferencing and IP telephony services | |
| Supports (1) | | |
| Annex A 5.28 | ISM-1019 focuses on developing a DoS response plan for specific services | |
E8
| Control | Notes | Details |
|---|---|---|
| Partially meets (2) | | |
| E8-MF-ML2.12 | ISM-1019 requires an organisation to develop, implement and maintain a DoS response plan specifically for video conferencing and IP telep... | |
| E8-RA-ML2.13 | ISM-1019 creates a DoS response plan for video conferencing and IP telephony services | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.