Typically both are in the form of meeting minutes or notes loaded into Drata’s 'Evidence Library' section. You would hold a meeting to review your Business Continuity & Disaster Recovery Plan and a second meeting to review your Incident Response Policy. Include clear documentation of who was in attendance at the meeting, the date and time and items reviewed and discussed. Walk through the policies and a mock example for each. Discuss risk, breaking-points, as well as improvements that could be made to the the policies and processes surrounding them. All these talking points should be included in the meeting notes. Also be sure to include a “lessons learned” section on any table top test you complete.