The Directorate General of Hajj and Umrah manages an information system that is used to provide services in the business process of organizing Hajj and Umrah, the services provided include registration, cancellation, settlement, portion assignment, hajj document management, embarkation operations, Saudi Arabia operations, and debarkation operations. The services are provided throughout the year, thus requiring infrastructure support and adequate information systems that can run24 hours a day. To maintain and ensure the continuity of Hajj and Umrah services, a Disaster Recovery Plan is designed, which is used as a guide in dealing with disasters or disturbances that can occur at any time and can disrupt all operational activities of the organization. In this study, the NIST 800-34 framework is used, starting with risk identification and assessment, Business Impact Analysis (BIA), preventive controls identification, contingency strategies, and contingency plans. The contingency plan preparation phase includes the activation phase, the recovery phase, and the reconstitution phase. Based on the result of research, there are ten risks that can threaten the continuity of information system services and based on Business Analysis Impact, services with a high critical level are Siskohat and Haji Pintar applications. The research produced is in the form of a Disaster Recovery Plan document that is adapted to the organizational conditions of the Directorate General of Hajj and Umrah.

information system, disaster recovery plan, NIST 800-34

Kementerian Agama Republik Indonesia, “Peraturan Menteri Agama Republik Indonesia Nomor 42 Tahun 2016 tentang Organisasi dan Tata Kerja Kenenterian Agama”, Indonesia, 2016

Pemerintah Republik Indonesia, “Undang-Undang Republik Indonesia Nomor 8 Tahun 2019 tentang Penyelenggaraan Ibadah haji dan Umrah”, Indonesia, 2019

R.E. Indrajit, “Konsep dan Strategi Keamanan Informasi di Dunia Cyber”, Yogyakarta: Graha Ilmu, 2014

R. Budiarto, “Manajemen Risiko Keamanan Sistem Informasi”, Journal of Computer Engineering System and Science, vol. 2 (2), pp. 48-58, 2017

Yakub, “Pengantar Sistem Informasi”, Yogyakarta: Graha Ilmu, 2012

M.E. Whittmen, H.J. Mattord, “Management of Information Security Fourth Edition”, Course Technology Cengage Learning, Stamford, 2013

S.R. Wicaksono, “Disaster Recovery Planning”, Jakarta: Seribu Bintang, 2009

M.Z. Agung, “Perancangan Disaster Recovery Plan Sistem Informasi Akademik dengan Pendekatan Kerangka Kerja NIST 800-34”, Jurnal teknologi Rekayasa, vol. 4, no. 2, hal. 157-166, Desember 2019

I.G.T. Isa, “Implementasi Pendekatan Kerangka Kerja NIST 800-34 dalam Perancangan Disaster Recovery Plan pada Sistem Informasi Akademik Universitas Muhammadiyah Sukabumi”, Jurnal Ilmiah Ilmu Komputer, vol. 15, September 2020

D. Suhartono, K.N. Isnaini, “Strategi Recovery Plan Teknologi Informasi di Perguruan Tinggi Menggunakan Framework NIST SP 800-34”, Jurnal Manajemen, Teknik Informatika, dan Rekayasa Komputer, vol. 20, no. 2, pp. 261-272, Mei 2021

The website NIST (Online), Available: https://csrc.nist.gov

Gibson, “Managing Risk in Information System, 2nd Edition” USA: Jones & Bartlett Learning, 2014

R.L. Tammineedi, “Business Continuity Management: A Standars-Based Approach”