Hi, i was wondering what evidence a auditor would be looking for when reviewing a Backup/Restore test as advised in A.12.3?
Would screenshots, a step by step procedure be sufficient?
Thanks in advance.
Examples of evidences for Backup/Restore test are:
- A filled form or screenshot identifying which information was requested to be backed up, the requester, the date of request, the date when the backup was performed, the result of the backup procedure (successful / fail) and where the backup was stored.
- A general schedule of the backup to be performed, identifying which information is planned to be backed up, the requester, the dates planned for backup, and where the backup must be stored
- A filled form or screenshot identifying which information was requested to be restored, the requester, the date of request, the date when the restore was performed, and the result of the restore procedure (successful / fail)
A backup procedure can't be used as evidence, because it is the starting point from which the auditor will verify if what was planned is being executed, so the backup procedure by itself is not enough.