I work with a lot of orgs and review their policies and documentation.
What I typically see:
A BC/DR Policy document
A CSIR Policy document
A BIA document listing critical applications and their owner, RTO, RPO, etc.
A BC/DR plan document (larger orgs will have this as 2 separate plans), which gives the details on how these are done.
A CSIR plan document. Some groups will have a 'run book' or 'play book' with details on how to handle different specific incidents (DDoS attack, malware, ransomware, etc.)
Ideally, orgs should do a run-through of their BC plan, DR plan and CSIR plan on at least an annual basis. I am really impressed when orgs do this more than once a year, but that seems rare.
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, ISSA Fellow