I'm working for a small business with less than 100 employees, half of which are working remotely. There are no formal IT policies in place, except for some very general computer and network usage rules. How do you go about writing rigorous BCP and DR plans that make sense for my organization and can withstand an audit by clients?