According to ISO 22301, what is the recommended number of disaster recovery simulation (drill) to be conducted per year?
Assign topic to the user
ISO 22301 does not prescribe a number of disaster recovery simulations or tests to be conducted per year, only that tests must be performed to provide enough confidence that the plans will work properly when needed.
Considering that, the number and type of tests to be performed should consider:
- the criticality of the plan for business continuity (i.e., to which processes and services they are related to)
- the results of risk assessment and business impact analysis
- applicable legal requirements (e.g., laws, regulations, and contracts.)
In most cases, exercising and testing is done once a year.
This article will provide you a further explanation about BCP testing:
- How to perform business continuity exercising and testing according to ISO 22301 https://advisera.com/27001academy/blog/2015/02/02/how-to-perform-business-continuity-exercising-and-testing-according-to-iso-22301/
This material will also help you regarding BCP testing:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
Comment as guest or Sign in
Sep 08, 2020