Impact assessment: for each electronic attack identified, an assessment
should be made of whether any malicious damage, including loss of data
integrity, has occurred. If necessary, a specific recovery action plan should
be drawn up in line with the guidance in the incident recovery procedures.