Designing a Disaster Recovery Plan Using NIST 800-34 Framework on the Information System of The Directorate General of Hajj and Umrah

Abstract

The Directorate General of Hajj and Umrah manages an information system that is used to provide services in the business process of organizing Hajj and Umrah, the services provided include registration, cancellation, settlement, portion assignment, hajj document management, embarkation operations, Saudi Arabia operations, and debarkation operations. The services are provided throughout the year, thus requiring infrastructure support and adequate information systems that can run24 hours a day. To maintain and ensure the continuity of Hajj and Umrah services, a Disaster Recovery Plan is designed, which is used as a guide in dealing with disasters or disturbances that can occur at any time and can disrupt all operational activities of the organization. In this study, the NIST 800-34 framework is used, starting with risk identification and assessment, Business Impact Analysis (BIA), preventive controls identification, contingency strategies, and contingency plans. The contingency plan preparation phase includes the activation phase, the recovery phase, and the reconstitution phase. Based on the result of research, there are ten risks that can threaten the continuity of information system services and based on Business Analysis Impact, services with a high critical level are Siskohat and Haji Pintar applications. The research produced is in the form of a Disaster Recovery Plan document that is adapted to the organizational conditions of the Directorate General of Hajj and Umrah.