Documentation of all computer system and physical controls is required.
In the event of an incident, having a documented plan on the who, what, where and when is key to addresses the situation timely and potentially limiting the exposure of a breach.
Scanning systems is advised to ensure security from all known vulnerabilities.
In the event, your network breached, having intrusion detection/response will alert key personnel and potentially stop the attack.
Best practice is to have an offsite backup solution.
Human error is the greatest attack vector, regular employee training introduces/re-enforces good security hygiene and habits.
*May vary depending on current technology provider’s response time