What is the primary purpose of a disaster recovery plan (DRP) in Annex B context?

Disaster recovery planning centers on outlining how an organization will recover IT systems and business operations after a disruptive event, with concrete targets for time to recover and data loss tolerance. The plan specifies the steps to take, the order in which systems are restored, who is responsible, how communication flows, and the backup and restoration procedures and facilities needed to resume operations. At the heart of it are the Recovery Time Objective (RTO) and Recovery Point Objective (RPO): RTO defines how quickly you must be back up, and RPO defines the maximum amount of data you can afford to lose. These targets guide restoration activities and testing to minimize downtime and data loss during an outage. Acquiring new systems after a failure falls outside the primary purpose of the plan, which is about restoring existing operations rather than procurement. Real-time monitoring of security events belongs to security operations and incident response, not the recovery plan. Managing software development lifecycles is about building software, not restoring operations after disruption.