Exercise the disaster response plan annually or upon significant changes, including if possible local emergency authorities.
The plan should be executed at regular intervals based on the organization’s BIA. It should be performed as a tabletop exercise and incorporate an annual live event with local authorities (e.g., fire departments, health officials, police departments, anti-terrorist organizations, and anti-cybercrime groups). Depending on regulatory requirements, the business, and the industry, a disaster recovery (DR) exercise might be required. For example, financial institutions may consider running live on DR for extended periods or simulating component or partial failures to test overall organizational resiliency and recovery abilities.
- Examine the policy for planning and scheduling disaster response exercises, and involving local emergency authorities, if possible.
- Evaluate if plans are tested upon significant changes, or at least annually.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.