Draft a step-by-step ransomware recovery runbook for [CompanyName] focused on restoring [Workload] from immutable backups using [ImmutableBackupTech]. Define phases: detection/containment, integrity assessment, clean-room restore, validation, and controlled cutover. Include decision points, go/no-go criteria, forensics preservation, and communication via [ContactBridge]. Target restoration within [RTO_Target] with minimal data loss. Assign a [DecisionAuthorityRole] for each major decision gate.
Output format:
Swimlane Procedure: Role | Step | Tool | Expected Output | Timing.
Pre-Checks & Evidence Table.
Cutover Plan with rollback.
Validation Checklist (hash checks, application tests, user acceptance).
Post-Incident Actions (root cause, hardening, audit artifacts).
The runbook must be executable by an on-call team without tribal knowledge.