Designing Disaster Recovery Plan of Data System for University

According to the QS World University Rankings, Andalas University is a 3-star university, and it is ranked 12th among the best universities in Indonesia under the criteria of the Indonesian Ministry of Research and Higher Education. The university is located in three different areas: Padang, Payakumbuh, and Dhamasraya. Currently, the university's Information and Communication Technology Development Unit, which is responsible for managing information and communication technology, has no formal documentation of response procedures for an emergency. The system is used by some 26,702 students and staff, and it could be corrupted by disasters such as viruses, hackers, and server outages. It is therefore crucial for the organization to plan and document security actions that protect essential archives and application software in anticipation of such catastrophes. This study developed a Disaster Recovery Plan (DRP): a document that sets out how to act on incidents that cause information system failures. It is a plan for rapid recovery from a disaster, or an emergency response, so that the organization does not feel the impact of the information system failure.


Introduction
Organizations today often face various types of disruptions that can affect them, and the effects of each disruption may differ. Traditionally, Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP), the two main contingency plans, are carried out separately and over different time horizons within organizations. To face disruptive events that may happen, proactive planning of the organization's internal and external resources should be prepared so that disasters are coped with effectively and efficiently [1], [2]. A disaster is defined as the occurrence of any event that causes a significant disruption in IT capabilities [3].
The disaster recovery plan provides the activities to carry out in response to a disaster. It gives effective and efficient ways to recover from any disaster that affects the IT systems of an organization. Disaster losses can be minimized by having a good disaster recovery plan for every business subsystem and operation within an enterprise. Every business disaster has one or more causes and effects. The causes can be natural, human, or mechanical in origin, ranging from simple cases such as the malfunction of a tiny hardware or software component to universally recognized events such as earthquakes, fire, and flood. The effects of disasters range from small interruptions to total business shutdown for days or months, and even fatal damage to the business [4].
doi:10.1088/1757-899X/697/1/012028
Information Technology (IT) systems have become vital to every aspect of business [5], [6]. An IT Disaster Recovery Plan must contain the requirements and the steps to be taken in response to a disaster that affects the IT system of a university (in this case Andalas University). The fundamental goal of a disaster recovery plan is to allow basic business functions to resume and continue until the system can be restored to its pre-disaster state [7]. The Disaster Recovery Plan is designed to ensure the continuation of vital business processes in case a disaster occurs [8]; it is an effective solution to the problems that arise in the IT system. After a disaster, the organization uses the disaster recovery plan to restore all the vital business processes it requires [9]. An IT disaster recovery plan provides step-by-step procedures for recovering disrupted systems and networks and helps them resume normal operations. The goal of these processes is to minimize any negative impact on company operations. The IT disaster recovery process identifies critical IT systems and networks, prioritizes their recovery time objectives, and delineates the steps needed to restart, reconfigure, and recover them. A comprehensive IT DR plan also includes all the relevant supplier contacts, sources of expertise for recovering disrupted systems, and a logical sequence of action steps to take for a smooth recovery [9].
The outcome of disaster recovery planning is a disaster recovery plan document. This document is the primary source of guidance in an emergency, when a disaster happens and hits the IT system. It provides the procedures to restore everything lost in the IT system. Therefore the document should be readable and simple, with detailed instructions. The purpose of the document must be clearly stated in its introduction, defining the objectives the plan intends to achieve.
The standard specific to information technology operations and management is ISO/IEC 27031. It provides guidance on the concepts and principles behind the role of information and communications technology (ICT) in ensuring business continuity. The international BCM (Business Continuity Management) standard developed by ISO/TC 223 summarizes the BCM approach to preventing, reacting to, and recovering from incidents. The activities involved in BCM are incident preparedness, operational continuity management, Disaster Recovery Planning (DRP), and risk mitigation; they focus on improving the resilience of the organization and preparing it to react effectively to incidents and to recover within predetermined timeframes [10], [11].
Andalas University is a 3-star university and is ranked 12th among the best universities in Indonesia under the criteria of the Indonesian Ministry of Research and Higher Education. The university is located in three different areas: Padang, Payakumbuh, and Dhamasraya. The university's Information and Communication Technology Development Unit is responsible for managing information and communication technology and for providing the applications used by the academic community. Given this responsibility, the unit is the center of information and the storage point for all the important files and data that must be maintained so that the university's systems run continuously. Currently, it has no formal documentation of response procedures for an emergency. If a disaster happens, it can cause the loss and damage of all that information, and the organization's and the lecturers' systems can be paralyzed. The purpose of this research is to design a Disaster Recovery Plan for the Information and Communication Technology Development Unit of Andalas University.

Method
The data and information collected concerned the problems faced in the information systems, especially the handling of disasters, together with data on designing a Disaster Recovery Plan. Data and information about the Information and Communication Technology Development Unit were obtained from direct observation, interviews, and discussions with related experts. The survey stages were complemented by a literature study, carried out by reading theory in books and journals on Disaster Recovery Planning and by collecting information from online sources. The method used in this study was ISO 27031. It was chosen because it offers several advantages:
1. ISO is a standard with middle-to-upper-level coverage.
2. ISO is suitable for use in IT management.
3. The framework can be used to manage the technology and information infrastructure in an organization and to provide the best service to the users of information technology.
4. The framework helps the highest level of the organization achieve and fulfil its legal, regulatory, and ethical requirements regarding the organization's use of IT.
The design of the DRP began by analyzing the running system and identifying the threats that have occurred, both from outside and from within. Risk assessment is one of the steps of the risk management process; once it was obtained, risk analysis was carried out to determine the level of each risk [12]. The risk assessment was validated and verified by an expert. The risk level was determined with the Failure Mode and Effect Analysis (FMEA) method [13], [14]. Then a Business Impact Analysis (BIA) was carried out: a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident, or emergency [15].
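As an added illustration of the FMEA step, and not code or data from the paper, the following Python computes the Risk Priority Number (RPN = severity x occurrence x detectability) for a set of constructed failure modes of the kinds the paper names (viruses, hackers, server outages, earthquakes), ranks them, flags the ones at or above a mitigation threshold, and re-scores a mode after a control is applied. The 1 to 10 rating scale, the threshold of 200, and every rating are assumptions; the paper's own rating tables and RPN values are not reproduced here.

```python
"""FMEA risk ranking by Risk Priority Number (RPN).

Added example, not the paper's own calculation: the failure modes, ratings and
threshold below are constructed for illustration.
"""
from dataclasses import dataclass, replace

# Common FMEA rating scale; assumed, since the paper's rating tables are not reproduced here.
RATING_MIN, RATING_MAX = 1, 10


@dataclass(frozen=True)
class FailureMode:
    name: str
    severity: int       # S: impact on ICT services when the failure occurs (10 = worst)
    occurrence: int     # O: how often the failure is expected, from experience (10 = constant)
    detectability: int  # D: how unlikely existing controls are to catch it (10 = undetectable)

    def rpn(self) -> int:
        """RPN = S x O x D, after checking that every rating lies on the scale."""
        for label, value in (("severity", self.severity),
                             ("occurrence", self.occurrence),
                             ("detectability", self.detectability)):
            if not RATING_MIN <= value <= RATING_MAX:
                raise ValueError(f"{label} rating {value} for {self.name!r} is outside "
                                 f"{RATING_MIN}..{RATING_MAX}")
        return self.severity * self.occurrence * self.detectability


def rank_by_rpn(modes):
    """Highest RPN first; ties broken by severity, so a severe failure outranks a frequent nuisance."""
    return sorted(modes, key=lambda m: (m.rpn(), m.severity), reverse=True)


def needs_control(modes, threshold):
    """Failure modes at or above the threshold: candidates for risk reduction or elimination controls."""
    return [m for m in modes if m.rpn() >= threshold]


def with_control(mode, *, occurrence=None, detectability=None):
    """Re-score a failure mode after a control is applied.

    A control lowers how often the failure happens or how reliably it is detected;
    it does not change how severe the failure is when it does happen, so severity stays.
    """
    changes = {k: v for k, v in {"occurrence": occurrence, "detectability": detectability}.items()
               if v is not None}
    return replace(mode, **changes)


# Constructed failure modes of the kinds the paper names (viruses, hackers, server outages).
SAMPLE_MODES = [
    FailureMode("Virus or ransomware infection of the file server", 9, 5, 6),      # RPN 270
    FailureMode("Unauthorised access (hacker) to the academic database", 9, 4, 7),  # RPN 252
    FailureMode("Server hardware failure (disk)", 7, 6, 3),                         # RPN 126
    FailureMode("Power outage in the data centre", 6, 7, 2),                        # RPN 84
    FailureMode("Earthquake damaging the data centre", 10, 2, 2),                   # RPN 40
    FailureMode("Operator error deleting data", 7, 4, 5),                           # RPN 140
]
MITIGATION_THRESHOLD = 200  # assumed cut-off for "must be treated"

if __name__ == "__main__":
    for m in rank_by_rpn(SAMPLE_MODES):
        print(f"{m.rpn():4}  S={m.severity} O={m.occurrence} D={m.detectability}  {m.name}")
    top = rank_by_rpn(SAMPLE_MODES)[0]
    # e.g. off-host backups plus endpoint monitoring: detection improves, severity does not.
    print("after control:", with_control(top, detectability=2).rpn())
```

Two points the ranking makes visible: a control changes occurrence or detectability but never severity, so re-scoring keeps S fixed; and a catastrophic but rare event (the constructed earthquake, severity 10, RPN 40) lands at the bottom of the list, which is why an RPN threshold should be read alongside the severity column rather than on its own.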
The BIA was analyzed with qualitative and quantitative approaches. The qualitative analysis obtains an assessment, from the point of view of the system managers and users, of the critical assets of the Information and Communication Technology Development Unit of Andalas University. The quantitative analysis obtains an assessment from the point of view of the productivity of the existing system and sharpens the result of the qualitative method. In the quantitative approach, the Recovery Point Objective (RPO) and Recovery Time Objective (RTO), two important parameters of any disaster recovery or data protection plan, are calculated [16], [17], [18]. These objectives guide an enterprise in choosing an optimal data backup plan.
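The following Python, an added example rather than the paper's own calculation, turns the RTO and RPO levels the paper uses in its Tables 7 and 8 into a per-server recovery order and a longest acceptable backup interval, which is the "optimal data backup plan" decision these two objectives drive. The questionnaire responses are constructed; the rule that the strictest answer across the three divisions wins is an assumption (the paper does not state how it merged the answers); and the 24-hour bound for RPO level 2 assumes a daily backup job, since that level carries no fixed interval in the scale.

```python
"""BIA consolidation: RTO/RPO levels per server, recovery order and backup bound.

Added example; the level scales follow the paper's Tables 7 (RTO) and 8 (RPO).
Everything else here (the data, the merge rule, the level-2 bound) is assumed.
"""
from dataclasses import dataclass

# RTO levels (Table 7): how long a server may stay cut off.
RTO_LEVELS = {
    0: "immediate recovery, no interruption in service",
    1: "recovery within 24 hours",
    2: "recovery within 48 hours",
    3: "recovery within 72 hours",
    4: "recovery later than 72 hours",
}
# RPO levels (Table 8): how much data may be lost.
RPO_LEVELS = {
    0: "no data may be lost",
    1: "data of the last 8 hours may be lost",
    2: "everything since the last backup must be re-entered",
    3: "up to one week of data may have to be reconstructed",
}
# Longest outage each RTO level tolerates, in hours (None: no upper bound).
RTO_MAX_OUTAGE_H = {0: 0, 1: 24, 2: 48, 3: 72, 4: None}
# Longest interval between backups each RPO level allows, in hours.
# Level 2 has no fixed bound in the scale; 24 h assumes a daily backup job.
RPO_MAX_BACKUP_INTERVAL_H = {0: 0, 1: 8, 2: 24, 3: 168}


@dataclass(frozen=True)
class Response:
    """One questionnaire answer: a division's tolerance for one server."""
    division: str
    server: str
    rto_level: int
    rpo_level: int


def _checked(level, scale, what, server):
    if level not in scale:
        raise ValueError(f"{what} level {level!r} for {server!r} is not on the scale {sorted(scale)}")
    return level


def consolidate(responses):
    """Per server, keep the strictest (lowest) RTO and RPO level any division gave.

    Assumption: a tolerance is only as generous as the least tolerant stakeholder,
    so the minimum level wins. Returns {server: (rto_level, rpo_level)}.
    """
    levels = {}
    for r in responses:
        rto = _checked(r.rto_level, RTO_LEVELS, "RTO", r.server)
        rpo = _checked(r.rpo_level, RPO_LEVELS, "RPO", r.server)
        prev = levels.get(r.server, (rto, rpo))
        levels[r.server] = (min(prev[0], rto), min(prev[1], rpo))
    return levels


def recovery_order(levels):
    """Recovery timeline: lowest RTO level first, RPO level as tie-breaker, then name."""
    return sorted(levels, key=lambda s: (levels[s][0], levels[s][1], s))


def backup_plan(levels):
    """Longest acceptable backup interval per server, derived from its RPO level."""
    return {s: RPO_MAX_BACKUP_INTERVAL_H[rpo] for s, (_rto, rpo) in levels.items()}


def outage_within_objective(levels, server, outage_hours):
    """True if an outage of the given length stays within the server's RTO."""
    bound = RTO_MAX_OUTAGE_H[levels[server][0]]
    return bound is None or outage_hours <= bound


# Constructed questionnaire data: three divisions, four servers (illustrative only).
SAMPLE_RESPONSES = [
    Response("network", "academic-db", 1, 1),
    Response("data collection", "academic-db", 0, 0),
    Response("multimedia", "academic-db", 1, 1),
    Response("network", "e-learning", 2, 2),
    Response("data collection", "e-learning", 1, 1),
    Response("multimedia", "e-learning", 1, 2),
    Response("network", "web-portal", 2, 3),
    Response("data collection", "web-portal", 3, 3),
    Response("multimedia", "web-portal", 2, 2),
    Response("network", "multimedia-archive", 3, 3),
    Response("data collection", "multimedia-archive", 4, 3),
    Response("multimedia", "multimedia-archive", 3, 3),
]

if __name__ == "__main__":
    levels = consolidate(SAMPLE_RESPONSES)
    plan = backup_plan(levels)
    for server in recovery_order(levels):
        rto, rpo = levels[server]
        print(f"{server:20} RTO {rto} ({RTO_LEVELS[rto]}); RPO {rpo}; backup at most every {plan[server]} h")
```

An RPO of level 0 maps to a backup interval of 0 hours, which no scheduled backup can meet; in practice it calls for synchronous replication to the backup location, so the consolidated levels also feed the choice of backup-site technology, not only the schedule.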
Finally, the content of the Disaster Recovery Plan was designed according to the ISO/IEC 27031 standard. At the end, the stakeholders of the Information and Communication Technology Development Unit of Andalas University validated the document to confirm that the DRP fulfils the needs of the unit.

Findings and Results
The risk assessment stages based on ISO 27031 are as follows:
1. Identify the potential failure modes.
2. Determine the potential impact on ICT services: the severity of each failure mode.
3. Identify the frequency of the failure modes the organization has prior experience of, as well as the ease of monitoring and detecting each failure mode.
4. Identify the indicators that will provide signals or information about failing components.
5. Identify the direct and indirect events that are related to, and will change the state of, each indicator.
6. Identify the existing controls that prevent the failure of important components, or that can detect those failures.
7. Identify the related data sources, and possible methods for detecting changes in indicator values.
8. Identify whether suitable risk reduction or elimination controls can be applied to prevent such occurrences.
At this stage, the risks were identified from the literature on threats specific to information systems. The potential risks to the information system found in previous research are shown in Table 1, and Table 2 shows the risks after validation by the expert. The rating scale for Detectability is shown in Table 5. The Risk Priority Number (RPN) was then calculated for each risk; the risk with the highest RPN is the one with the most potential to cause failure in the Information and Communication Technology Development Unit of Andalas University. The results of the RPN calculation are shown in Table 6. The next step was the Business Impact Analysis, which determined the RTO and RPO values for each critical server in the unit. The RTO value expresses how long a server may remain cut off while it is being repaired after a disaster. The RTO assessment is shown in Table 7.

Table 7. RTO Assessment
RTO (Recovery Time Objective) is defined as how long a user tolerates the loss of an application before regaining its use. Simply put, a recovery that is 0 minutes away is an immediate recovery with no interruption in service.
Level  Recovery time
0      Recovery within 0 hours (0 days): immediate, no interruption in service
1      Recovery within 24 hours (1 day)
2      Recovery within 48 hours (2 days)
3      Recovery within 72 hours (3 days)
4      Recovery takes longer than 72 hours (more than 3 days)

The RPO assessment expresses how much data may be lost if a disaster occurs. This RPO value strongly influences the backup method for each server in the Information and Communication Technology Development Unit of Andalas University. The RPO assessment is shown in Table 8.

Table 8. RPO Assessment
RPO (Recovery Point Objective) is defined as how much user data may be lost: if the system that supports a business process fails, how much of the data can be recovered, and how much loss is acceptable?
Level  Tolerated data loss
0      No data may be lost
1      The data of the last 8 hours, regardless of when the disturbance occurred
2      All data entered since the last backup must be re-entered
3      Up to one week of lost data may have to be reconstructed

The RTO and RPO values were determined with questionnaires, filled in by one person from each division: the network division, the data collection division, and the multimedia division. The questionnaires were thus distributed to three people, with the aim of obtaining accurate data on the state of the Information and Communication Technology Development Unit of Andalas University. The criticality of a server can be seen from how long it may be cut off. The RTO value for each server of the unit is shown in Table 9.
In planning the DRP, a location for a backup server was needed to maintain data security. The indicators for the location follow ISO 27031 and were compared against the circumstances of each candidate location. The alternative locations and the considerations are shown in Table 11.
The design of the DRP document for the Information and Communication Technology Development Unit of Andalas University is based on ISO/IEC 27031. The standard sets the content that must be in the DRP document as follows: purpose and scope, roles and responsibilities, calling plans, response and recovery plan, and application recovery team. The plan must be documented so that competent personnel can use it in the event of an incident.
The documentation must define the overall framework in which the recovery plan is prepared, which includes the overall strategy, the critical services based on the RTO and RPO values, the timeline for recovery, and the recovery team and its responsibilities before and during the disaster. The documentation consists of the purpose; the coverage, based on the BIA; the availability requirements set by the business for the availability of services and the related technologies; the information security requirements; and the appendix. The appendix consists of an inventory of information systems, applications, and databases; a review of the network infrastructure and server names; an inventory of hardware and software systems; service level contracts and agreements; and, finally, the main ICT suppliers. After the DRP document was designed, it was validated. The document was validated by Mr. Hendra Gunawan as chairman of the Information and Communication Technology Development Unit of Andalas University, Mr. Prama Wahyudi of the multimedia division, and Mr. Rudi of the network division. The results of the validation show that the DRP document designed is in accordance with the needs of the unit.

Conclusion
This research developed a Disaster Recovery Plan (DRP) document for the data systems of the Information and Communication Technology Development Unit of Andalas University. The DRP document consists of the quick response procedures and activities to follow in the event of a disaster; it is to be used in a disaster, not for daily operational activities. The document contains a risk analysis, carried out with the FMEA method, of what could potentially destroy the data system. It also records the RTO and RPO values that will be used to save the system, and the location of the backup service, which can later serve as a backup server while the main server is being repaired. Further research is suggested on the coverage of the DRP document and on the costs it requires.

Acknowledgment
The authors would like to thank the Engineering Faculty of Universitas Andalas for providing the 2019 publication grant, contract number 017/UN.16.09.D/PL/2019.