Disaster Recovery PlanningSoetam Rizky Wicaksono

Abstract Disaster is something that man can deny, often it comes from human and sometimes happen accidentally or it just happen because of some people intended to make it. However, most organization is less aware thus when disaster happen there almost no planning at to recover and to assure business continuity. This paper gives the importance of disaster recovery planning for organization, especially for higher education organization such as university. It also explain the value of high level management support in order to make disaster recovery planning successful in an organization.Keyword : Disaster Recovery Planning, Management

1. Introduction

No one ever hope that disaster will come; however, disaster is something that man can

deny. There are many kind of disaster that can happen among us and many kind of negative

impact that can affect our life. Despite of all of other impact, this paper will focus on impact for

organization, especially organization that already implemented information system in it.

One thing to remember is that disaster often come from human rather than nature.

Disaster that comes from human sometimes happen accidentally or it just happen because of

some people intended to make it. Most of human accident is happen when the organization itself

is less aware about disaster and ignoring to have an established plan to handle disaster.

In an organization that has been already implementing information system, often under

estimate procedural way about how to overcome situation when disaster come. Even though this

area actually happens in technical area, which is responsibility for IT department, however all of

management area must include in its activity. This activity commonly named as disaster recovery

planning, that must assure that business process continuity will still occur, thus customers will

not feel disaster impact.

Since that disaster recovery planning (DRP) is not just about backup-recovery process, it

also do something more important than which will include all of staff in an organization. DRP

itself should be unique for each organization; however it must have the same rule and the same

blue print for similar organization. Thus, this paper tries to keep focus on educational

organization such as university. Hopefully it will make us all more aware about how to avoid

disaster and how to handle them if it really happen.

1

2. Literature Review

A disaster can best be defined as the occurrence of any event that causes a significant

disruption in IT capabilities. It is typically an event that disrupts the normal course of business to

the extent that monetary losses can be quantified (Maiwald, 2002). Disaster also defined as a

disruption that causes critical information resources to be inoperative for a period of time,

adversely affecting business operations (Keeler and Motlier, 2005). There are many disaster that

can hit an IT system for example, equipment failure, windstorm, earthquake, flooding, loss of

passwords, network failure, hazardous attack etc (Fullmer, 2005).

Disaster recovery is the ability to continue with services in the case of major outages,

often with reduced capabilities or performance (Gunda, 2001). Disaster recovery usually has

several discreet steps in the planning stages, though those steps blur quickly during

implementation because the situation during a crisis is almost never exactly to plan (Snedaker,

2007).

Disaster recovery is part of business continuity, therefore, company must have a disaster

recovery planning that can guarantee trustworthiness in customer relationship, whether the

company doing manufacturing business or services business. The reliability of IT system also

undertaking business continuity planning (BCP) that should come afterward disaster recovery

planning (Maiwald, 2002).

Continuous availability is a special subset of high availability that combines it with

continuous operation. The system must not have outages and service delivery must be ongoing,

without interruptions (Schmidt, 2006). A business continuity plan can be considered the all-

encompassing corporate plan that describes the processes and procedures an organization puts in

place to ensure all aspects of business can resume and be recovered should a disruption occur

(Rennel, 2006). Therefore, disaster recovery planning must ensure that there will be a high

availability in shortest time frame whenever the information system crash or having major

outage or minor outage (Schmidt, 2006).

3. Discussion

First thing that must come out from organization when it start to have a DRP is how to

minimize cost of failure. Cost of failure is described at following figure:

2

Figure 1. Cost of Failure Components (Rizky, 2008)

It also must think of BCP to keep customer satisfaction and keep business process run

whatever it takes. Since that BCP is the ultimate destination in proposing DRP, so everyone in

organization must responsible in it. General steps of DRP proposal are (Rizky, 2008):

1. Initialization

2. Risk Analysis

3. Business Impact Analysis

4. DRP Proposal

5. DRP Maintenance

Especially for higher education organization such as university, there are some special

questions to consider in DRP which are:

1. Is the campus environment already consider about safety for its personnel’s and customers ?

2. Is there already training/simulation or established procedure to handle disaster that already

announced ?

3. Is there any insurance that guarantee people, environment and information system data when

disaster come ?

4. Is main part of information system already being located at “safe” place ?

5. Is there remote backup of information system database ?

6. Is there any personnel’s backup of IT department that can assure that business continuity will

still running even though all IT department staffs are on strike ?

7. Last but not least, is high level management already aware about DRP ? And if DRP will be

proposed, will they commit to make it such priority ?

3

4. Conclusion

DRP is considered as “small and unimportant” matter for some organization, however it

actually is big deal to keep business continuity in the future. It is not about backup-recovery

process that will be done by IT department when disaster come, but it also all organization’s

component duty to do it. Above all, high level management must also have high commitment to

support DRP in order to implement good and safe environment among their organization.

Even though DRP is always unique for each organization, there are some general

questions that must be asked before proposing DRP. Especially for higher education

organization, pre-questions of DRP is must be solved before the real DRP is come. Thus, all staff

must be included in brainstorming activity in order to support DRP.

5. References

Fullmer, L. Kennet, (2005), Business Continuity Planning: A Step-by-Step Guide with Planning Forms, Double Take

Gunda, Bhaskar, (2001). High Availability and Disaster Recovery Strategies White Paper; Open System Technology

Keele, Allen and Keith Mortier, (2005), Exam Cramtm 2: CISA, Que

Maiwald, Eric and William Sieglein (2002), Security Planning & Disaster Recovery; Mc Graw Hill

Rennel, Brace (2006). A Practical Guide to Disaster Recovery Planning: The Basics to Getting Started, Whitepaper, Double Take

Rizky, Soetam, (2008), Disaster Recovery Planning, Prestasi Pustaka

Schmidt, Klaus, (2006), High Availability and Disaster Recovery; Springer

Snedaker, Susan, (2007), Business Continuity and Disaster Recovery for IT Professionals, Syngress

4