I am currently preparing a business continuity plan using the ISO 22301 documentation from Advisera.
The company is quite specific. The basic IT infrastructure is provided by the parent company, while the IT infrastructure for our main product is located on the servers of the hosting provider. I wonder if there is a need to have a separate dedicated disaster recovery plan, instead of specific activity recovery plans. One of the activities in the company is responsible for the development of the main product and the procedures for possible restoration of the main product will be on their side. On the other hand, recovery after a disaster in matters related to other software provided by the parent company is the role of the parent company's IT and it has its own disaster recovery strategies and procedures. In your opinion, can I skip the separate disaster recovery plan in such a situation?
Is chapter four of the business continuity recovery plan template sufficient against standard clause 8.4.5? Or should I supplement my recovery plans with additional steps?