Disaster Recovery Planning
Soetam Rizky Wicaksono
Disaster is something that man can deny, often it comes from human and sometimes happen
accidentally or it just happen because of some people intended to make it. However, most
organization is less aware thus when disaster happen there almost no planning at to recover and
to assure business continuity. This paper gives the importance of disaster recovery planning for
organization, especially for higher education organization such as university. It also explain the
value of high level management support in order to make disaster recovery planning successful
in an organization.
Keyword : Disaster Recovery Planning, Management
No one ever hope that disaster will come; however, disaster is something that man can
deny. There are many kind of disaster that can happen among us and many kind of negative
impact that can affect our life. Despite of all of other impact, this paper will focus on impact for
organization, especially organization that already implemented information system in it.
One thing to remember is that disaster often come from human rather than nature.
Disaster that comes from human sometimes happen accidentally or it just happen because of
some people intended to make it. Most of human accident is happen when the organization itself
is less aware about disaster and ignoring to have an established plan to handle disaster.
In an organization that has been already implementing information system, often under
estimate procedural way about how to overcome situation when disaster come. Even though this
area actually happens in technical area, which is responsibility for IT department, however all of
management area must include in its activity. This activity commonly named as disaster recovery
planning, that must assure that business process continuity will still occur, thus customers will
not feel disaster impact.
Since that disaster recovery planning (DRP) is not just about backup-recovery process, it
also do something more important than which will include all of staff in an organization. DRP
itself should be unique for each organization; however it must have the same rule and the same
blue print for similar organization. Thus, this paper tries to keep focus on educational
organization such as university. Hopefully it will make us all more aware about how to avoid
disaster and how to handle them if it really happen.
2. Literature Review
A disaster can best be defined as the occurrence of any event that causes a significant
disruption in IT capabilities. It is typically an event that disrupts the normal course of business to
the extent that monetary losses can be quantified (Maiwald, 2002). Disaster also defined as a
disruption that causes critical information resources to be inoperative for a period of time,
adversely affecting business operations (Keeler and Motlier, 2005). There are many disaster that
can hit an IT system for example, equipment failure, windstorm, earthquake, flooding, loss of
passwords, network failure, hazardous attack etc (Fullmer, 2005).
Disaster recovery is the ability to continue with services in the case of major outages,
often with reduced capabilities or performance (Gunda, 2001). Disaster recovery usually has
several discreet steps in the planning stages, though those steps blur quickly during
implementation because the situation during a crisis is almost never exactly to plan (Snedaker,
Disaster recovery is part of business continuity, therefore, company must have a disaster
recovery planning that can guarantee trustworthiness in customer relationship, whether the
company doing manufacturing business or services business. The reliability of IT system also
undertaking business continuity planning (BCP) that should come afterward disaster recovery
planning (Maiwald, 2002).
Continuous availability is a special subset of high availability that combines it with
continuous operation. The system must not have outages and service delivery must be ongoing,
without interruptions (Schmidt, 2006). A business continuity plan can be considered the all-
encompassing corporate plan that describes the processes and procedures an organization puts in
place to ensure all aspects of business can resume and be recovered should a disruption occur
(Rennel, 2006). Therefore, disaster recovery planning must ensure that there will be a high
availability in shortest time frame whenever the information system crash or having major
outage or minor outage (Schmidt, 2006).
First thing that must come out from organization when it start to have a DRP is how to
minimize cost of failure. Cost of failure is described at following figure:
Figure 1. Cost of Failure Components (Rizky, 2008)
It also must think of BCP to keep customer satisfaction and keep business process run
whatever it takes. Since that BCP is the ultimate destination in proposing DRP, so everyone in
organization must responsible in it. General steps of DRP proposal are (Rizky, 2008):
2. Risk Analysis
3. Business Impact Analysis
4. DRP Proposal
5. DRP Maintenance
Especially for higher education organization such as university, there are some special
questions to consider in DRP which are:
1. Is the campus environment already consider about safety for its personnel’s and customers ?
2. Is there already training/simulation or established procedure to handle disaster that already
3. Is there any insurance that guarantee people, environment and information system data when
disaster come ?
4. Is main part of information system already being located at “safe” place ?
5. Is there remote backup of information system database ?
6. Is there any personnel’s backup of IT department that can assure that business continuity will
still running even though all IT department staffs are on strike ?
7. Last but not least, is high level management already aware about DRP ? And if DRP will be
proposed, will they commit to make it such priority ?
DRP is considered as “small and unimportant” matter for some organization, however it
actually is big deal to keep business continuity in the future. It is not about backup-recovery
process that will be done by IT department when disaster come, but it also all organization’s
component duty to do it. Above all, high level management must also have high commitment to
support DRP in order to implement good and safe environment among their organization.
Even though DRP is always unique for each organization, there are some general
questions that must be asked before proposing DRP. Especially for higher education
organization, pre-questions of DRP is must be solved before the real DRP is come. Thus, all staff
must be included in brainstorming activity in order to support DRP.
Fullmer, L. Kennet, (2005), Business Continuity Planning: A Step-by-Step Guide with Planning
Forms, Double Take
Gunda, Bhaskar, (2001). High Availability and Disaster Recovery Strategies White Paper; Open
Keele, Allen and Keith Mortier, (2005), Exam Cramtm 2: CISA, Que
Maiwald, Eric and William Sieglein (2002), Security Planning & Disaster Recovery; Mc Graw
Rennel, Brace (2006). A Practical Guide to Disaster Recovery Planning: The Basics to Getting
Started, Whitepaper, Double Take
Rizky, Soetam, (2008), Disaster Recovery Planning, Prestasi Pustaka
Schmidt, Klaus, (2006), High Availability and Disaster Recovery; Springer
Snedaker, Susan, (2007), Business Continuity and Disaster Recovery for IT Professionals,