Disaster Recovery Framework for Commercial Banks in Sri Lanka

Mueen Uddin, Sandun Hapugoda, Roop Chand Hindu


The banking sector is the backbone of the entire financial economy of a country. In today’s globalized world, most organizations use online transaction processing systems for transferring money and doing business. Natural or man-made disasters can lead to data loss which in turn can cause millions of dollars of money lost. This study focuses on disaster recovery practices in commercial banks in Sri Lanka. From our preliminary findings, it was concluded that commercial banks only have ad-hoc disaster recovery standards and practices, as there is no standard framework available. Fourteen (14) banks were selected for data collection and relevant authorities were interviewed. The results were translated as qualitative observations to understand the best practices. Similarly, international standards, compliance requirements of the central bank, and existing researches were used to develop a disaster recovery practice framework. The proposed framework was then validated for its efficiency and usefulness among commercial banks and found to be acceptable by the banking industry.  

Full Text:



IFRC, World Disasters Reports: Focus on Urban Risk, 2010. Retrieved from http://www.ifrc.org/en/publications-and-reports/world-disasters-report/wdr2010/ (last accessed 15th April 2013).

CBSL, Central Bank of Sri Lanka: Annual Report, Central Bank, Colombo, Sri Lanka, 2011.

CSBL, CSBL Payments Bulletin, 9(1), Central bank of Sri Lanka Colombo, 2009. Retrieved from http://www.cbsl.gov.lk/pics_n_docs/10_pub/_docs/statistics/monthly_bulletin/Monthly_Bulletin_2009/Bulletin_jan09e.pdf (last accessed 20th May 2013).

FSSRC, Financial Systems Stability Review, Financial Systems Stability Review Committee, Central Bank, Sri Lanka, 2011.

Doughty, K., Auditing the Disaster Recovery Plan, EDPACS, 21(3), pp. 1-12, 2004.

Botha, J. & Solms, V.R., A Cyclic Approach to Business Continuity Planning, Information Management & Computer Security, 12(4), pp. 328-337, 2004.

Chandler, R.C. & Wallace, J.D., Business Continuity Planning after September 11, Disaster Recovery Journal, 17(3), 2004.

Witty R. J., BCM/DR Survey Results From Gartner, DRJ, Disaster Recovery, 19(4), pp. 26-32, 2005.

Morwood G., Business Continuity: Awareness and Training Programs, Information Management & Computer Security, 6(1), pp. 28-32, 1998.

British Standards Institution, Business Continuity - BSI Shop Homepage, Available: http://shop.bsigroup.com/en/Browse-by-Subject/Business-Continuity/ (1998) [Last accessed 18 January 2010].

Cox, L. A., Game Theory and Risk Analysis. Risk Analysis, 29(8), pp. 1062-1068, 2009.

Balaouras, S., The State of Business Continuity Preparedness, http://www.drj.com/index.php?option=com_content&task=view&id=2407&Itemid=419&ed=49, 2009 [last accessed 18 January 2010].

Cegiela, R., Selecting Technology for Disaster Recovery, IEEE International Conference on Dependability of Computer Systems (DEPCOS-RELCOMEX’06), pp. 160-167, 2006.

Paradine, T.J., Business Interruption Insurance: A Vital Ingredient in Your Disaster Recovery Plan, Information Management & Computer Security, 3(1), pp. 9-17, 1995.

Yiu, K. & Tse, Y.Y., A Model for Disaster Recovery Planning, IS Audit & Control Journal, 5, pp. 45-51, 1995.

Rosenthal, P.H. & Sheiniuk, G., Business Resumption Planning Exercising the Disaster Management Team, Journal of Systems Management, 44, pp. 12-16, 1993.

Salkowe, R.S. & Chakraborty, J., Federal Disaster Relief in the US: The Role of Political Partisanship and Preference in Presidential Disaster Declarations and Turndowns, Journal of Homeland Security and Emergency Management, 6(1), pp. 1-23, 2009.

Hoffer, J., Backing up Business-industry Trend or Event, Health Management Technology, 22(1), 2001.

Menkus, B., The New Importance of ‘Business Continuity’ in Data Processing Disaster Recovery Planning, Computers & Security, 13(2), pp. 115-118, 1994.

Wiboonrat, M., An Empirical IT Contingency Planning Model for Disaster Recovery Strategy Selection, School of Information Technology, Assumption University, Bangkok, Thailand, 2008.

Hutt, A.E., Bosworth, S. & Hoyt, D.B., Computer Security Handbook, 2nd ed., Macmillan Pub. Co., New York, NY, P. 399, 1988.

Baker, C., The Top 10 IT Disasters of All Time - at ZDNet_co_uk,http://resources.zdnet.co.uk/articles/0,1000001991,39290976,00.htm 2009, [last accessed 19 January 2010].

Bajgoric, N., Information Technologies for Business Continuity: An Implementation Framework, Information Management & Computer Security, 14(5), pp. 450-466, 2006.

Vijayan, J., Data Security Risks Missing from Disaster Recovery Plans, Computer World, 39(41), pp. 16-18, 2005.

Hong, Y., & Apostolakis, G., Conditional Influence Diagrams in Risk Management, Risk Analysis, 13(6), pp. 625-636, 1993.

Sheth, S., McHugh J. & Jones, F., A Dashboard for Measuring Capability when Designing, Implementing and Validating Business Continuity and Disaster Recovery Projects, Journal of Business Continuity & Emergency Planning, 2(3), pp. 221-239, 2008.

ISO, ISO/IEC 24762:2008, Information Technology, Security Techniques, Guidelines for Information and Communications Technology Disaster Recovery Services, http://www.iso.org/iso/catalogue_detail.htm?csnumber=41532

[last accessed 25 November 2009], 2009.

Bank for International Settlement, High-level Principles for Business Continuity, Consultative Paper. http://www.bis.org/publ/joint14.htm

[last accessed 19 January 2009], 2009.

Varghese, M., Disaster Recovery Planning, [Online], Premier Press of Course Technology, Ohio, http://site.ebrary.com/lib/staffordshire/docDetail.action?docID=10066758&p00=disaster%20recovery [last accessed 19 January 2009], 2002.

BSD, Directions, Circulars and Guidelines issued to Licensed Commercial Banks, Bank Supervision Department, Central Bank, Colombo, Sri Lanka, 2011.

CBSL, Guideline on Business Continuity Planning, Colombo: Central Bank of Sri Lanka, (BCP Guideline No: 01/2006), 2006.

Schmidt, K., High Availability and Disaster Recovery: Concept, Design, Implementation, Berlin: Springer-Verlag Berlin Heidelberg, 2006.

Steinarcher, S., Is Your Organization at Risk? System iNews, 47(6), pp. 11, 2008.

NIST, Contingency Planning Guide for Information Technology Systems, edited by U.S.D. o. Commerce. Washington. US Government Printing Office, 2002.

Yin, R.K., Case Study Research: Design and Methods. Sage Publications Inc., Newbury Park, CA. 2003.

Azevedo, S.G., Carvalho H. & Machado C., The Influence of Green Practices on Supply Chain Performance: A Case Study Approach, NECE Research Unit, Department of Management and Economics, University of Beira, Portugal, 2011.

DOI: http://dx.doi.org/10.5614%2Fitbj.ict.res.appl.2015.9.3.4


  • There are currently no refbacks.

Contact Information:

ITB Journal Publisher, LPPM – ITB, 

Center for Research and Community Services (CRCS) Building Floor 7th, 
Jl. Ganesha No. 10 Bandung 40132, Indonesia,

Tel. +62-22-86010080,

Fax.: +62-22-86010051;

e-mail: jictra@lppm.itb.ac.id.