Question: Has the organization conducted incident-response drills or tabletop exercises to validate readiness?

Why This Matters

Practice reveals gaps that policies hide. Drills build confidence, reduce panic, and shorten response time when real crises occur.

Maturity

0 — Unaware
No testing performed.

1 — Ad Hoc
Unstructured discussion after major events.

2 — Defined
Annual tabletop exercise scheduled.

3 — Managed
Realistic scenarios; lessons logged and tracked.

4 — Integrated
Joint exercises with partners and vendors.

5 — Optimized
Continuous simulation and red-team validation.

From → To	Actions
0 → 1	Discuss past incidents informally.
1 → 2	Plan and run basic tabletop with core team.
2 → 3	Record findings and assign CAPAs.
3 → 4	Invite vendors/clients to joint exercise.
4 → 5	Adopt continuous red-/purple-team program.

Purpose	Tool	Notes
Simulation	Tabletop Toolkit / custom scripts	Offline drills.
CAPA tracking	Airtable / Odoo Community	Follow-ups.
Recording	Obsidian / Markdown	Evidence journal.

Standard	Clauses / Notes
ISO/IEC 27001:2022	A.5.24 / A.10 (Improvement)
CERT-In 2022	Section 30 (Exercise and Testing)
DPDP Act 2023	Sec 10 (Accountability)
NIST CSF 2.0	RS.IM / RC.MI
NIRMATA Mapping	IR-Q04 validates incident readiness testing.