Greetings! I am a new IT Auditor and currently audits the BCP of a client. My client has no prioritization of which critical systems to be recovered in case of contingency/disaster. However, it has presented a list of priority systems that is currently addressed by its Problem Management policy. Is it acceptable to take the prioritization made in my client's Problem Management policy or do I need to ask them to formulate a separate prioritization of critical systems for BCP? Please advise. Thank you very much!