SOC 2 requires tabletop exercises to be done annually. Secureframe shares a couple of different tabletop exercise templates for your company to use. We'd recommend allotting 1 hour for the exercise and documenting the attendees and lessons learned.
Each tabletop template has notes accompanying the exercise, but this is the general layout for a tabletop exercise:
- Walk through the policy relevant to your tabletop exercise
- Walk through the tabletop exercise (or create your own scenario that you believe is more applicable to your company)
- At the end of the exercise, note any "Lessons Learned" about areas of improvement for your company
- Make those edits and changes to the policy in Secureframe