Performance Evaluation of Business Continuity Plan in Dealing with Threats and Risks in Cilegon Companies Use ISO 22301:2019 & NIST Sp 800-30 R1 Frameworks Case Study: PT. X
DOI:
https://doi.org/10.59888/ajosh.v1i12.120
Keywords:
Electronic Based Government System, Business Continuity Plan, Business Continuity Management System, Risk Analysis
Abstract
This research was conducted at PT. X, which is located in Cilegon, Merak-Banten. Because PT. X is geographically located in a disaster-prone area, the company must ensure an effective business continuity process. In accordance with government regulations on Electronic-Based Government Systems (SPBE) related to corporate and government business activities, companies must be able to ensure business continuity in every condition that poses a threat and risk. However, there is no specific obligation serving as the basis for the company's business continuity under which, if it does not have a Business Continuity Plan (BCP) process, it will get a sanction. The purpose of this research is to evaluate the existing BCP process at PT. X Cilegon and to provide recommendations for a standardized BCP framework in the company that ensures business continuity as the company's Business Continuity Management System (BCMS) to avoid all threats and risks. The standards for BCP are set out in ISO 22301:2019, which serves as its framework. BCP includes a risk analysis process, which this research carries out using the NIST SP 800-30 Revision 1 method as its best practice. The evaluation results show that the previous BCP process at PT. X Cilegon was not in accordance with the standards, and that the risk analysis carried out was still based on the ISO standard the company had already implemented rather than on ISO 31000, which is the risk management standard. This study therefore provides recommendations for a BCP framework that is in accordance with the standards, together with a risk analysis method that produces risk priorities.
License
Copyright (c) 2023 Hendaryatna, Gerry Firmansyah, Budi Tjahjono, Agung Mulyo Widodo
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.