Back

Include test objectives and scope of testing in the continuity test plan.


CONTROL ID
14874
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a continuity test plan., CC ID: 04896

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • A disaster recovery test plan should include the test objectives and scope, test scenarios, test scripts with details of the activities to be performed during and after testing, system recovery procedures, and the criteria for measuring the success of the test. (§ 8.3.2, Technology Risk Management Guidelines, January 2021)
  • are consistent with its business continuity objectives; (§ 8.5 ¶ 2 a), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • To derive the most value from the test, the ISCP Coordinator should develop a test plan designed to examine the selected element(s) against explicit test objectives and success criteria. The use of test objectives and success criteria enable the effectiveness of each system element and the overall p… (§ 3.5.1 ¶ 2, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))