SEF-04: Incident Response Testing

PF v1.0 References:

Previous Version:

Control Statement

Test and update as necessary incident response plans at planned intervals or upon significant organizational or environmental changes for effectiveness.

Implementation Guidance

Periodically test, update, and verify the effectiveness of incident response plans using various event scenarios. For critical operations, plans should be tested at least annually. Test results should be documented and communicated—with follow-up action plans developed as appropriate. Incident response plans should be reconciled with the organization's business continuity and disaster recovery plans. Organizations should also test, update, and improve incident response plans after:

  1. Significant organizational changes.
  2. External supply chain disruptions and natural disasters.
  3. Security attacks, particularly those resulting in security breaches.

Auditing Guidance

  1. Verify if there is a calendar of exercises available, if exercises are performed at planned intervals and when there are significant changes within the organization or the context in which it operates.
  2. Verify if the organization has reviewed and acted upon the results of its exercising and testing to implement changes and improvements.

[ Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.