Tested recovery
We rebuild your critical software from its deposit and confirm it runs, so recovery is proven, not presumed.
Your recovery plan describes how your systems recover. A.5.30 now expects proof it works. Codekeeper rebuilds the software you depend on, confirms it recovers within your target times, and packages it into an ISO 27001 Evidence Pack for your auditor.
It isn’t a one-time exercise, either. Every system change makes last year’s test stale, so readiness has to be retested to stay valid.
However well your DR plan reads, the certificate stays unsigned until you can prove recovery works.
We rebuild your critical software from its deposit and confirm it runs, so recovery is proven, not presumed.
You get a dated, signed record that recovery was demonstrated, and when.
The pack ties each piece of evidence to the clause it satisfies, leaving nothing for the auditor to infer.
Your recovery is timed against the targets your business impact analysis (BIA) set, so “within agreed timeframes” stops being a guess.
We rerun the test on a set schedule, so readiness stays current between surveillance audits instead of going stale after one pass.
Software vendors hand clients a single pack that settles their A.5.30 evidence, instead of working through a questionnaire round.
The ones whose failure would halt your business are where A.5.30 expects you to prove readiness.
An automated rebuild plus expert review runs from a vault kept separate from production, so your evidence stays current.
The certificate, the recovery test report, and the A.5.30 mapping arrive ready to drop into your audit file.
Set up in a day. From there, the pack stays current on its own.
Book a demoJordan Adler
Ross Kilshaw
Thiago Mendes
We’ll email the sample ISO 27001 continuity evidence pack to you.