We keep having a repeat audit finding that we don’t have a DRP Plan. However we do have an ICT BCP Plan. We don’t want to have to create a separate DRP document just to close an audit if it doesn’t make sense.
So my question is, specifically for the ICT department, should this be just one document called the IT DRP Plan? Is it a matter of just renaming it?
Also what ISO standard should I refer to to ensure that the DRP Plan meets all the requirements of a DRP? If anyone has resources/ templates that would be great. Thank you.