SOC 2 Academy: Testing Your Business Continuity Plan

Author: kirkpatrickprice00


The importance of testing your business continuity plan comes down to this: if disaster strikes and you haven’t effectively practiced implementing your business continuity plan, how will you know for certain if it works? There’s no telling how extreme a disaster will be, so practicing different scenarios on a regular basis should be a top priority amongst organizations pursuing SOC 2 compliance. For example, if your organization is impacted by a tornado and you have a critical employee who is unable to come into the office because of that disaster, how will your business continuity plan work? Is there someone else who could carry out that person’s responsibilities to ensure that your services remain available as agreed upon?
When an auditor is assessing compliance with availability criteria 1.3, they’ll use two main points of focus to guide them. First, they’ll want to validate that your organization is testing your business continuity plan on a periodic basis. They’ll do so by checking that your business continuity plan testing includes the following:
- Developing different testing scenarios based on threat likelihood and magnitude
- Considering system components from across your organization that might impair the availability of your system
- Using scenarios that consider the potential lack of availability of key personnel
- Revising your business continuity plan based on the results of testing
Secondly, auditors will want to ensure that your organization tests for the integrity and completeness of backup data on a regular basis.
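The second point of focus, checking backup data for integrity and completeness, is something you can make repeatable and show an auditor as evidence. The script below is an added example and is not code from this page or from KirkpatrickPrice; the manifest format, file names and directory layout are constructed for the illustration. It records a SHA-256 digest per file when the backup is taken, then verifies a copy of that backup on a schedule: a digest mismatch means the data is not intact, a file in the manifest but not on disk means the backup is incomplete, and a file on disk but not in the manifest means the backup set has drifted from what was approved.

```python
"""Verify a backup set for integrity and completeness against a manifest.

Integrity: every file's SHA-256 matches the digest recorded at backup time.
Completeness: every file in the manifest is present, and nothing unexpected
has appeared.  All sample data below is constructed inline for the example.
"""
import hashlib
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


@dataclass
class BackupReport:
    missing: list = field(default_factory=list)  # in manifest, absent from backup
    corrupt: list = field(default_factory=list)  # present, but digest differs
    extra: list = field(default_factory=list)    # present, but not in manifest

    @property
    def ok(self) -> bool:
        """True only when the backup is both intact and complete."""
        return not (self.missing or self.corrupt or self.extra)


def sha256_of(path: Path) -> str:
    """Stream the file so large backup archives do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Record relative path -> SHA-256 for every file under root (run at backup time)."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict[str, str]) -> BackupReport:
    """Compare the backup under root with the manifest (run at each scheduled test)."""
    report = BackupReport()
    present = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    for rel, expected in manifest.items():
        if rel not in present:
            report.missing.append(rel)
        elif sha256_of(root / rel) != expected:
            report.corrupt.append(rel)
    report.extra = sorted(present - manifest.keys())
    return report


def demo() -> tuple[BackupReport, BackupReport]:
    """Constructed scenario: manifest a small backup, verify it, then damage it and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(
            b"INSERT INTO customers VALUES (1, 'acme');\n"
        )
        (root / "config.yaml").write_bytes(b"retention_days: 30\n")

        manifest = build_manifest(root)       # taken when the backup was made
        clean = verify_backup(root, manifest)  # a healthy copy passes

        # Simulate what a restore test can uncover:
        (root / "db" / "customers.sql").write_bytes(b"INSERT INTO")  # truncated -> corrupt
        (root / "config.yaml").unlink()                               # lost -> missing
        (root / "notes.txt").write_bytes(b"left over\n")              # stray -> extra
        damaged = verify_backup(root, manifest)
    return clean, damaged


if __name__ == "__main__":
    healthy, broken = demo()
    print("healthy backup ok:", healthy.ok)
    print("damaged backup:", broken)
```

In practice the manifest is written alongside the backup and signed or stored separately from it, so that a corrupted or tampered backup cannot also rewrite its own checksums; the verification report is then retained as the audit artifact showing the test was performed and what it found.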

About Us
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks.
