Guest
Table Top Exercise/Drill Validity in meeting ISMS Certification
Our organization has achieved ISO 27001:2013 certification for a few years. All the while, we have conducted the Full Testing for our IT DR drill.
Recently, we switched to the Table Top or Plan Walkthrough for our drill. Would this meet the ISMS certification requirements during the surveillance audit?
As far as my understanding of Annex A.17.1 of ISO 27001:2013, a performed test or drill is considered already fulfilling the requirements.
Expert
Rhand Leal
Jul 08, 2020
ISO 27001 does not prescribe how to test a Disaster Recovery Plan, so organizations are free to use the approach that better suits them, provided they can show evidence that the plan is fit for purpose.
This article will provide you with a further explanation about testing a DRP (although it is about ISO 22301, the same concepts apply to ISO 27001):
- How to perform business continuity exercising and testing according to ISO 22301 https://advisera.com/27001academy/blog/2015/02/02/how-to-perform-business-continuity-exercising-and-testing-according-to-iso-22301/
This material will also help you regarding a DRP:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/