Which document primarily outlines the processes to restore critical business functions during a disaster?

A.  Business Impact Analysis (BIA)

B.  Incident Response Plan (IRP)

C.  Disaster Recovery Plan (DRP)

D.  Standard Operating Procedure (SOP)

Correct Answer: C

Explanation:
A. Business Impact Analysis (BIA)
The BIA is a preparatory and analytical document created during the early stages of Business Continuity Planning (BCP).

The Goal: It identifies and prioritizes business units and systems based on their criticality. It defines the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for each function.

The Distinction: The BIA tells you what needs to be saved and how fast it must be back online, but it does not contain the step-by-step instructions on how to actually rebuild a server or restore a database.

B. Incident Response Plan (IRP)
The IRP is a tactical guide for handling a specific security event, such as a malware outbreak, data breach, or unauthorized access.

The Focus: It focuses on the six phases of incident response (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned).

The Scope: While an incident could escalate into a disaster, the IRP is generally used for events that can be handled within the normal operational framework of the security team. It does not address long-term infrastructure restoration or physical facility relocation.

C. Disaster Recovery Plan (DRP)
The DRP is a tactical, technical document that provides specific, step-by-step procedures for restoring IT systems and data after a catastrophic event.

Why it's the Answer: When a disaster strikes (like a fire, flood, or widespread ransomware), the DRP is the "playbook" that technical teams follow. It includes instructions for restoring servers from backups, failing over to a secondary "hot site," and re-establishing network connectivity.

The Big Picture: The DRP is actually a subset of the broader Business Continuity Plan (BCP). While the BCP handles the human and business side (e.g., "Where do employees sit?"), the DRP handles the technical side.

D. Standard Operating Procedure (SOP)
SOPs are routine documents that outline how to perform day-to-day administrative tasks.

The Nature: They are used to ensure consistency and quality in regular operations—such as "How to create a new user account" or "How to perform a monthly patch."

The Context: While some SOPs might be referenced within a DRP, an SOP is too narrow in scope to guide an entire organization through a disaster. SOPs are for "Business as Usual," whereas DRPs are for "Business in Crisis."

Key Takeaway for the CISSP Exam
The BCP/DRP Relationship:

• BIA: The "Prioritizer" (Identifies RTO/RPO).
• BCP: The "Umbrella" (Focused on people and business processes).
• DRP: The "Technical Playbook" (Focused on IT, servers, and data restoration).
• IRP: The "Defender" (Focused on stopping security attacks).