NIST SP 800-34-Based Disaster Recovery Plan Framework for the National Committee for Sharia Economics

Authors

  • Khalil Mojadidi Universitas Bina Nusantara
  • Abba Suganda Girsang Universitas Bina Nusantara

DOI:

https://doi.org/10.59261/jequi.v8i3.340

Keywords:

Disaster Recovery Plan, Business Continuity, Risk Assessment NIST SP 800-34

Abstract

Background: In today’s digital era, information technology (IT) infrastructure is critical to organizational operations, making Disaster Recovery Planning (DRP) essential for business continuity. Institutions managing strategic data assets, such as KNEKS, must address risks from disasters, cyberattacks, and infrastructure failures during PDES development.

Objective: This study aims to identify KNEKS’s disaster recovery requirements under current and future PDES conditions and to develop a comprehensive DRP framework based on NIST SP 800-34.

Methods: A qualitative case study approach was employed using NIST SP 800-34 Rev. 1 as the primary framework, complemented by FIPS 199, SNI ISO 31000, and NIST SP 800-53. Data were collected through semi-structured interviews with IT managers and system administrators, supported by document analysis. Triangulation and member checking were used to ensure validity.

Results: The assessment revealed significant gaps in disaster recovery readiness, particularly in formalized policies, technical redundancy, and impact analysis procedures. Based on these findings, a tailored DRP framework was developed, incorporating activation, recovery, and reconstitution phases while maintaining scalability for future PDES expansion.

Conclusion: A comprehensive NIST SP 800-34-based DRP is essential to ensure KNEKS’s operational continuity. The proposed framework offers a structured and scalable approach to disaster recovery and provides a practical model for emerging public-sector, data-intensive institutions.

Downloads

Download data is not yet available.

References

Ahmad, A., Alshurideh, M., Al Kurdi, B., Aburayya, A., & Hamadneh, S. (2021). Digital transformation metrics: a conceptual view. Journal of Management Information and Decision Sciences, 24(7), 1–18.

Al Hassan, L. K. M. (2017). Information technology disaster recovery plan (IT DRP) framework–A study on IT continuity for smart city in Abu Dhabi smart government. The British University in Dubai.

Alifian, M. H., & Priharsari, D. (2021). Penyusunan Disaster Recovery Plan (DRP) menggunakan framework NIST SP 800-34 (Studi kasus pada perusahaan IT Nasional). Jurnal Pengembangan Teknologi Informasi Dan Ilmu Komputer, 5(10), 4673–4679. https://j-ptiik.ub.ac.id/index.php/j-ptiik/article/view/10056

Almutawa, E. (2026). An investigative study into operational leadership’s disaster recovery (DR) planning at Dubai Civil Defence (DCD). University of Gloucestershire.

Arroyo-Melendez, A. E. (2026). Better IT Disaster Recovery and Procedures to Improve Response After Computer Crime. Walden University.

Ashrafi, R., & AlKindi, H. (2022). A framework for IS/IT disaster recovery planning. International Journal of Business Continuity and Risk Management, 12(1), 1–21. https://doi.org/10.1504/IJBCRM.2022.121645

Cedergren, A., Hassel, H., & Vallin, L. (2026). The Cost of Adaptability: Exploring the Dual Nature of Adaptive Capacity Through a Healthcare Case Study. Journal of Contingencies and Crisis Management, 34(2), e70178.

Craven, E., & Tomlinson, S. (2026). Contingency planning in farm practice. In Practice, 48(1), 8–17.

Creswell, J. W., & Creswell, J. D. (2018). Research Design: Qualitative, Quantitative, and Mixed Methods Approaches (5th ed.). SAGE Publications.

Dearniwati, E., Nurlette, G. A., Anwar, S., & Purwanto, H. (2025). Preparation of IT Disaster Recovery Plan (DRP) using NIST SP 800-34 Framework (Case Study: PT Pamapersada Nusantara, Jakarta). Eduvest-Journal of Universal Studies, 5(1), 954–962.

Dwi Pamungkas, E., Fatonah, N. S., Firmansyah, G., & Akbar, H. (2023). Disaster Recovery Plan analysis based on the NIST SP 800-34 framework (Case study: PT Wijaya Karya (Persero) Tbk.). Jurnal Indonesia Sosial Sains, 4(9), 936–947. https://doi.org/10.59141/jiss.v4i09.879

Epstein, B., & Khan, D. C. (2014). Application impact analysis: A risk-based approach to business continuity and disaster recovery. Journal of Business Continuity & Emergency Planning, 7(3), 230–237.

Ferrer, J. P., & Mandigma, M. B. S. (2026). Relationship of Perceived Organizational Support and Organizational Commitment on the Business Continuity Management of Selected Philippine Financial Shared Services Companies. Review of Integrative Business and Economics Research, 15(3), 459–476.

Hassel, H., & Cedergren, A. (2021). Integrating risk assessment and business impact assessment in the public crisis management sector. International Journal of Disaster Risk Reduction, 56, 102136. https://doi.org/10.1016/j.ijdrr.2021.102136

Hendaryatna, H., Firmansyah, G., Tjahjono, B., & Widodo, A. M. (2023). Performance evaluation of business continuity plan in dealing with threats and risks in Cilegon companies use ISO 22301:2019 & NIST SP 800-30 R1 frameworks case study: PT. X. Asian Journal of Social and Humanities, 1(12), 1159–1174. https://doi.org/10.59888/ajosh.v1i12.120

Kesa, D. M. (2023). Ensuring resilience: Integrating IT disaster recovery planning and business continuity for sustainable information technology operations. World Journal of Advanced Research and Reviews, 18(3), 970–992.

Lubis, M., Luthfi, M. I., Saedudin, R. R., Muttaqin, A. N., & Lubis, A. R. (2026). The Integration of ISO 27005 and NIST SP 800-30 for Security Operation Center (SOC) Framework Effectiveness in the Non-Bank Financial Industry. Computers, 15(1), 60.

Mohamed, H. (2014). A proposed model for IT disaster recovery plan. International Journal of Modern Education and Computer Science.

Rambharose, R. (2026). Theorising Recognition of Prior Learning Research in Higher Education: A Multidisciplinary Framework for Qualitative, Quantitative, and Mixed-Methods Inquiry. International Journal of Qualitative Methods, 25. https://doi.org/10.1177/16094069251404325

Saleem, K. (2008). Towards a business continuity information network for rapid disaster recovery.

Sawalha, I. H. (2021). Views on business continuity and disaster recovery. International Journal of Emergency Services, 10(3), 351–365.

Singh, A., & Alshammari, M. (2023). Advancing, empowering, and reshaping Saudi society through integrating e-learning technology into higher education. Int. J. Adv. Appl. Sci, 10, 178–187.

Singh, H. P., Alshammari, K., & Singh, H. P. (2021). Impacts of Digital technology-enabled personalized and adaptive learning on student learning performance: A TOE framework for Saudi Arabia. & Applied Sciences & Technologies, 12(13), 1–12.

Snedaker, S. (2013). Business continuity and disaster recovery planning for IT professionals. Newnes.

Stamenkov, G. (2025). Cloud service models, business continuity and disaster recovery plans, and responsibilities. International Journal of Organizational Analysis, 33(3), 437–451. https://doi.org/10.1108/IJOA-12-2023-4127

Supriyanto, A., Aknuranda, I., & Putra, W. H. N. (2019). Penyusunan Disaster Recovery Plan (DRP) berdasarkan framework NIST SP 800-34 (Studi kasus: Departemen Teknologi Informasi PT Pupuk Kalimantan Timur). Jurnal Pengembangan Teknologi Informasi Dan Ilmu Komputer, 3(8), 8212–8219. https://j-ptiik.ub.ac.id/index.php/j-ptiik

Suresh, N. C., Sanders, G. L., & Braunscheidel, M. J. (2020). Business continuity management for supply chains facing catastrophic events. IEEE Engineering Management Review, 48(3), 129–138.

Swanson, M., Bowen, P., Phillips, A. W., Gallup, D., & Lynes, D. (2010). Contingency planning guide for federal information systems. NIST Special Publication, 800–834.

Tatineni, S. (2023). Cloud-based business continuity and disaster recovery strategies. International Research Journal of Modernization in Engineering, Technology, and Science, 5(11), 1389–1397.

Downloads

Published

2026-07-09