Our organization has achieved ISO27001:2013 certification for a few years. All the while, we have conducted the Full Testing for our IT DR drill.
Recently, we switched to the Table Top or Plan Walkthrough for our drill. Would this meet the ISMS certification requirements during the surveillance audit?
As far as my understanding of Annex A.17.1 of ISO 27001:2013 goes, a performed test or drill is already considered to fulfill the requirements.
ISO 27001 does not prescribe how to test a Disaster Recovery Plan, so organizations are free to use the approach that better suits them, provided they can show evidence that the plan is fit for purpose.
This article will provide you with a further explanation about testing a DRP (although it is about ISO 22301, the same concepts apply to ISO 27001):