Forkomil 2009 Soetam


Published on

Dokumen untuk Forkomil

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Forkomil 2009 Soetam

  1. 1. Disaster Recovery Planning Soetam Rizky Wicaksono Abstract Disaster is something that man can deny, often it comes from human and sometimes happen accidentally or it just happen because of some people intended to make it. However, most organization is less aware thus when disaster happen there almost no planning at to recover and to assure business continuity. This paper gives the importance of disaster recovery planning for organization, especially for higher education organization such as university. It also explain the value of high level management support in order to make disaster recovery planning successful in an organization. Keyword : Disaster Recovery Planning, Management 1. Introduction No one ever hope that disaster will come; however, disaster is something that man can deny. There are many kind of disaster that can happen among us and many kind of negative impact that can affect our life. Despite of all of other impact, this paper will focus on impact for organization, especially organization that already implemented information system in it. One thing to remember is that disaster often come from human rather than nature. Disaster that comes from human sometimes happen accidentally or it just happen because of some people intended to make it. Most of human accident is happen when the organization itself is less aware about disaster and ignoring to have an established plan to handle disaster. In an organization that has been already implementing information system, often under estimate procedural way about how to overcome situation when disaster come. Even though this area actually happens in technical area, which is responsibility for IT department, however all of management area must include in its activity. This activity commonly named as disaster recovery planning, that must assure that business process continuity will still occur, thus customers will not feel disaster impact. Since that disaster recovery planning (DRP) is not just about backup-recovery process, it also do something more important than which will include all of staff in an organization. DRP itself should be unique for each organization; however it must have the same rule and the same blue print for similar organization. Thus, this paper tries to keep focus on educational organization such as university. Hopefully it will make us all more aware about how to avoid disaster and how to handle them if it really happen. 1
  2. 2. 2. Literature Review A disaster can best be defined as the occurrence of any event that causes a significant disruption in IT capabilities. It is typically an event that disrupts the normal course of business to the extent that monetary losses can be quantified (Maiwald, 2002). Disaster also defined as a disruption that causes critical information resources to be inoperative for a period of time, adversely affecting business operations (Keeler and Motlier, 2005). There are many disaster that can hit an IT system for example, equipment failure, windstorm, earthquake, flooding, loss of passwords, network failure, hazardous attack etc (Fullmer, 2005). Disaster recovery is the ability to continue with services in the case of major outages, often with reduced capabilities or performance (Gunda, 2001). Disaster recovery usually has several discreet steps in the planning stages, though those steps blur quickly during implementation because the situation during a crisis is almost never exactly to plan (Snedaker, 2007). Disaster recovery is part of business continuity, therefore, company must have a disaster recovery planning that can guarantee trustworthiness in customer relationship, whether the company doing manufacturing business or services business. The reliability of IT system also undertaking business continuity planning (BCP) that should come afterward disaster recovery planning (Maiwald, 2002). Continuous availability is a special subset of high availability that combines it with continuous operation. The system must not have outages and service delivery must be ongoing, without interruptions (Schmidt, 2006). A business continuity plan can be considered the all- encompassing corporate plan that describes the processes and procedures an organization puts in place to ensure all aspects of business can resume and be recovered should a disruption occur (Rennel, 2006). Therefore, disaster recovery planning must ensure that there will be a high availability in shortest time frame whenever the information system crash or having major outage or minor outage (Schmidt, 2006). 3. Discussion First thing that must come out from organization when it start to have a DRP is how to minimize cost of failure. Cost of failure is described at following figure: 2
  3. 3. Figure 1. Cost of Failure Components (Rizky, 2008) It also must think of BCP to keep customer satisfaction and keep business process run whatever it takes. Since that BCP is the ultimate destination in proposing DRP, so everyone in organization must responsible in it. General steps of DRP proposal are (Rizky, 2008): 1. Initialization 2. Risk Analysis 3. Business Impact Analysis 4. DRP Proposal 5. DRP Maintenance Especially for higher education organization such as university, there are some special questions to consider in DRP which are: 1. Is the campus environment already consider about safety for its personnel’s and customers ? 2. Is there already training/simulation or established procedure to handle disaster that already announced ? 3. Is there any insurance that guarantee people, environment and information system data when disaster come ? 4. Is main part of information system already being located at “safe” place ? 5. Is there remote backup of information system database ? 6. Is there any personnel’s backup of IT department that can assure that business continuity will still running even though all IT department staffs are on strike ? 7. Last but not least, is high level management already aware about DRP ? And if DRP will be proposed, will they commit to make it such priority ? 3
  4. 4. 4. Conclusion DRP is considered as “small and unimportant” matter for some organization, however it actually is big deal to keep business continuity in the future. It is not about backup-recovery process that will be done by IT department when disaster come, but it also all organization’s component duty to do it. Above all, high level management must also have high commitment to support DRP in order to implement good and safe environment among their organization. Even though DRP is always unique for each organization, there are some general questions that must be asked before proposing DRP. Especially for higher education organization, pre-questions of DRP is must be solved before the real DRP is come. Thus, all staff must be included in brainstorming activity in order to support DRP. 5. References Fullmer, L. Kennet, (2005), Business Continuity Planning: A Step-by-Step Guide with Planning Forms, Double Take Gunda, Bhaskar, (2001). High Availability and Disaster Recovery Strategies White Paper; Open System Technology Keele, Allen and Keith Mortier, (2005), Exam Cramtm 2: CISA, Que Maiwald, Eric and William Sieglein (2002), Security Planning & Disaster Recovery; Mc Graw Hill Rennel, Brace (2006). A Practical Guide to Disaster Recovery Planning: The Basics to Getting Started, Whitepaper, Double Take Rizky, Soetam, (2008), Disaster Recovery Planning, Prestasi Pustaka Schmidt, Klaus, (2006), High Availability and Disaster Recovery; Springer Snedaker, Susan, (2007), Business Continuity and Disaster Recovery for IT Professionals, Syngress 4