Departemen Hukum dan HAM Republik Indonesia, August 2009
Domain 1 : Planning & Organisation (PO)
• Define a Strategic IT Plan (PO1)
• Define the Information Architecture (PO2)
• Determine Technological Direction (PO3)
• Define the IT Organisation and Relationships (PO4)
• Manage the IT Investment (PO5)
• Communicate Management Aims and Direction (PO6)
• Manage IT Human Resources (PO7)
• Manage Quality (PO8)
• Assess and Manage IT Risks (PO9)
• Manage Projects (PO10)
Domain 2 : Acquisition & Implementation (AI)
• Identify Automated Solution (AI1)
• Acquire and Maintain Application Software (AI2)
• Acquire and Maintain Technology Infrastructure (AI3)
• Enable Operation & Use (AI4)
• Procure IT Resources (AI5)
• Manage Changes (AI6)
• Install & Accredit Solutions and Changes (AI7)
Domain 3 : Delivery & Support (DS)
• Define and Manage Service Levels (DS1)
• Manage Third-Party Services (DS2)
• Manage Performance and Capacity (DS3)
• Ensure Continuous Service (DS4)
• Ensure Systems Security (DS5)
• Identify and Allocate Costs (DS6)
• Educate and Train Users (DS7)
• Manage Service Desk and Incidents (DS8)
• Manage the Configuration (DS9)
• Manage Problems (DS10)
• Manage Data (DS11)
• Manage the Physical Environment (DS12)
• Manage Operations (DS13)
Domain 4 : Monitoring (M)
• Monitor & Evaluate IT Performance (M1)
• Monitor & Evaluate Internal Control (M2)
• Ensure Compliance with External Requirements (M3)
• Provide IT Governance (M4)
Summary
[Diagram labels: IT Strategy; Manage Project & Program; IT Projects; Requirements Validation; IT Operation; Function Validation; Application Support; Compliance; Performance; Service Desk; Infrastructure Support; Enterprise Architecture]
7 | © 2009 Depkumham RI
IT Policy
No.  Policy Name
1    IT Strategic Planning
2    Risk Management
3    Information Security Policy
4    Use of Information Technology Assets
5    Clear Screen and Clear Desk Guidelines
6    Access Rights Standardisation
7    Operational Continuity Planning (BCP)
8    Information Classification
9    Information Systems Audit
IT Procedure
No.  SOP Name
1    Hardware Purchase and Installation
2    UPS Setup
3    Use of Modems and Fax
4    Printer Use
5    Network Cable Installation and Maintenance
6    Use of IT Supplies
7    Outsourcing
8    Mobile Computing (use of mobile/portable computers)
9    Hardware Maintenance
IT Procedure
No.  SOP Name
10   Storage and Protection of Equipment, Documents, and Data Media
11   Hardware Problem Handling
12   User Access Rights Management
13   Password Use
14   Physical Access Control
15   System Usage Monitoring
16   Network Management
17   Protection against Network Attacks
IT Procedure
No.  SOP Name
18   System Administration
19   Granting Access to Third Parties
20   Use of Cryptography
21   Use of Operational Software
22   System Change Management and Its Documentation
23   Internet Use
24   Email Use
25   Website Development and Maintenance
26   Data Transmission
IT Procedure
No.  SOP Name
27   Data Management
28   Third-Party Data Protection
29   Data Backup
30   Document Handling
31   Software Purchase and Installation
32   Software Maintenance
33   Software Development
IT Procedure
No.  SOP Name
34   Protection against Viruses and Malware
35   Employment Agreement (all users of IT facilities)
36   Confidentiality Agreement
37   IT Training
38   Environmental Conditions Control for IT Facilities
39   Disaster Response
40   IT Incident Handling
IT Framework/Documents
No.  SOP Name
1    Application Acquisition & Implementation Method: Requirement, Contract, SLAs, Security Control, Change Process, Acceptance
2    Project Management Method: Organisation, Plan, Control
3    Audit & Control: Risk Management, Audit Checklist, Test
4    Service Desk & Incident Reporting: Ticketing, SLAs, Reporting
IT Organisation
No.  SOP Name
1    IT Job Description
2    IT HR Policy & Procedure
3    IT Skills Matrix
4    IT Training Requirement