Disaster Recovery Plan (DRP)
Domain 4 — Information Systems Operations and Business Resilience
Definition
A Disaster Recovery Plan (DRP) is a subset of the Business Continuity Plan (BCP) that focuses specifically on restoring IT infrastructure and systems after a major disruption. It details technical recovery procedures, system restoration priorities, backup verification processes, and the technical team's response sequence. IS auditors test DRPs through walkthroughs, component testing, and full-scale recovery rehearsals.
Real-World Audit Scenario
I audited a healthcare provider that had a DRP claiming a 2-hour RTO for their patient records system. When I asked to see the last recovery test, they showed me a partial test of a non-critical application. I requested a full failover test of the patient records system with the production team. During the test, the storage replication link failed because it was saturated with unrelated traffic, and the DR team could not access the alternate site because their access badges had not been provisioned. Actual recovery time: 14 hours.
Common Exam Trap
The exam distinguishes between BCP (business-focused, all functions) and DRP (IT-focused, technical recovery). A question about restoring servers after a flood is a DRP question. A question about relocating staff to an alternate site is a BCP question.