Design of a Business Continuity Plan and Disaster Recovery Plan at UPT – TIK Based on the COBIT 2019 Assessment Result
Abstract
Information technology plays an important role in supporting academic and business operations in higher education institutions; however, its implementation also presents risks such as technical disruptions, natural disasters, and information security incidents that may affect finances, reputation, and business continuity. Therefore, it is necessary to evaluate IT governance to ensure alignment with organizational objectives. Data collection was carried out through literature review, interviews, direct observations, and questionnaires, which were analyzed using the COBIT 2019 Process Assessment Model (PAM) and Design Guide. The evaluation results show that the capability of domain DSS04 – Managed Continuity is at level 1 with an achievement of 51% (Largely Achieved) and a gap of two levels from the target, indicating the need for improvement in Managed Continuity. Based on these findings, a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) were designed with reference to ISO 22301:2012, with risk identification conducted using the OCTAVE and FMEA methods. The analysis identified 17 risks with 37 business impact assessments, as well as the determination of MTD, RPO, and RTO along with strategies to mitigate the risks.