Security evaluations

Hy all,

this will be my first post and I have a question regarding to my jorney to CEH certification.

so, from my understanding, going trough the ceh v10 book , a security professional that has to evaluate the risk of a company’s network, needs to do the following verifications, among others:

BCP, DRP, SLA

So, let’s say i work at a company that someone else hired me to do their security auditing. It is my job, as a security consultant, to create, lets say a Disaster Recovery Plan? and if so are any of the above required by law?

and by the way, are any templates out there good for use?