Description
Annual tabletop exercise to test incident response plan. Required by PCI DSS, HIPAA, SOC 2, NIST, and ISO 27001.
Requirements
- Schedule tabletop exercise
- Define exercise scenario
- Conduct exercise with key stakeholders
- Document lessons learned
- Update IR plan based on findings
Applicable To
All Regulated Organizations
Penalty Information
⚠ Untested incident response plans may fail during actual incidents.