Include test requirements for the business continuity function in the business continuity testing policy.

CONTROL ID
13237

CONTROL TYPE
Establish/Maintain Documentation

CLASSIFICATION
Preventive

This Control directly supports the implied Control(s):

Establish, implement, and maintain a business continuity testing policy., CC ID: 13235

There are no implementation support Controls.

Has a program to ensure the BCMS achieves its outcomes, requirements and objectives been developed and put in place? (Leadership ¶ 4, ISO 22301: Self-assessment questionnaire)
Determine whether the institution has a business continuity testing policy that sets testing expectations for the enterprise-wide continuity functions, business lines, support functions, and crisis management. (TIER I OBJECTIVES AND PROCEDURES Risk Monitoring and Testing Objective 11: Testing Policy 1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
Comprehensive program objectives and plans of exercises and tests to validate the ability to restore critical business functions in a timely manner. (VII Action Summary ¶ 2 Bullet 2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
Establishing measurable goals against which business continuity performance is assessed. (App A Objective 2:5d, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)