Hello,
Within ISO, is there any stated requirement of how often you should test your backups, SQL databases, etc.? Annually, quarterly, yearly? Also, for BC testing and exercises?
Thank you,
Considering the most used standards for these topics (ISO 27001 for information security and ISO 22301 for business continuity), these standards do not prescribe how often testing and exercises should be taken.
To comply with these standards, you need to perform a risk assessment and identify applicable legal requirements to define the proper frequency for these tests and exercises.
In case your risk assessment and requirements do not provide a proper reference, you can try starting with these suggestions:
- testing backups and SQL databases - e.g., once a quarter
- BC testing and exercises - e.g., once a year
For further information, see:
- Backup policy – How to determine backup frequency https://advisera.com/27001academy/blog/2013/05/07/backup-policy-how-to-determine-backup-frequency/
- How to perform business continuity exercising and testing according to ISO 22301 https://advisera.com/27001academy/blog/2015/02/02/how-to-perform-business-continuity-exercising-and-testing-according-to-iso-22301/
Jan 17, 2023