💼 28 Incident management - Incident response testing

Description

Empty...

Section	Sub Sections	Internal Rules	Policies	Flags
💼 74 Under CPS 234, an APRA-regulated entity must annually review and test its information security response plans to ensure they remain effective and fit-for-purpose. It is important that the success criteria for such tests are clearly defined, including the circumstances under which re-testing would be required. Test results could be reported to the appropriate governing body or individual, with associated follow-up actions formally tracked and reported.