Conduct external audits of the Business Continuity Plan testing program.

CONTROL ID
13216

CONTROL TYPE
Testing

CLASSIFICATION
Detective

This Control directly supports the implied Control(s):

Establish, implement, and maintain a business continuity plan testing program., CC ID: 14829

There are no implementation support Controls.

Conduct independent audit and assurance assessments according to relevant standards at least annually. (A&A-02, Cloud Controls Matrix, v4.0)
Risk monitoring and testing is the final step in the cyclical business continuity planning process. Risk monitoring and testing ensures that the institution's business continuity planning process remains viable through the: - Incorporation of the BIA and risk assessment into the BCP and testing prog… (Principles of the Business Continuity Testing Program, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)