ABSTRAK Disaster Recovery Plan adalah salah satu cabang ilmu manajemen resiko sistem informasi terapan yaitu Business Continuity Plan. Disaster Recovery Plan merupakan serangkaian kegiatan yang bertujuan untuk mengurangi kemungkinan dan membatasi kerugian akibat bencana dan proses yang penting. Bencana yang dimaksud bisa berupa badai, kebakaran, gempa bumi, virus, kegagalan harddisk, demo karyawan, dan lain sebagainya. Tentunya bencana seperti ini sangat mengancam sistem informasi perusahaan atau perorangan. Studi kasus akan dilakukan terhadap sistem informasi PT.ASKRINDO. PT.ASKRINDO merupakan salah satu perusahaan Badan Usaha Milik Negara (BUMN) yang bergerak di bidang penjamin kredit untuk Usaha Mikro Kecil dan Menengah (UMKM) yang berpusat di Jakarta. Tugas Akhir bertujuan untuk mengidentifikasi apa saja faktor yang dapat mempengaruhi pembangunan Disaster Recovery Plan yang ditujukan untuk sistem informasi PT.ASKRINDO. Setelah diketahui faktor-faktor yang mempengaruhi isi dari Disaster Recovery Plan, akan dilakukan pula pembangunan Disaster Recovery Plan sistem informasi PT.ASKRINDO berdasarkan faktor-faktor yang telah terdefenisi sebelumnya. Proses yang dilakukan dalam pembangunan Disaster Recovery Plan tersebut antara lain : Risk Assessment, Priority Assessment, Strategy Selection. Tugas akhir ini menghasilkan sebuah rancangan dokumen Disaster Recovery Plan yang ditujukan untuk melindungi aset berupa Sistem Informasi yang berada pada lokasi utama PT.ASKRINDO maupun mirror site yang dimiliki oleh PT.ASKRINDO. Kata Kunci : Disaster Recovery Plan, Business Continuity Plan, Bencana
Universitas Kristen Maranatha
ABSTRACT Disaster Recovery Plan is one branch in the science of applied information system risk management called Business Continuity Plan. Disaster Recovery Plan is a series of activities aimed to reduce the likelihood and limit losses from disaster on critical business processes. The disaster in question could be hurricanes, fires, earthquakes, viruses, disk failures, employees’ riot or individual information system. Case studies will be conducted on information system of PT.ASKRINDO. PT.ASKRINDO is one of the state-owned company engaged in credit guarantee for Micro, Small and Medium Enterprises based in Jakarta. The final project aims to identify some factor that may effect the development of Disaster Recovery Plan aimet at PT.ASKRINDO information system. After we know the factors that influence the contents of the Disaster Recovery Plan, we will also conduct the development of Disaster Recovery Plan of PT.ASKRINDO information systembased on factors taht have been defined previously. The process that is used in the development of Disaster Recovery Plan includes : Risk Assessment, Priority Assessment, Strategy Selection. The Final project will produce a Disaster Recovery Plan that is intended to protect assests in the form of information system that located at a prime location PT.ASKRINDO or at mirror site. Keyword : Disaster Recovery Plan, Business Continuity Plan, Disaster.
Universitas Kristen Maranatha
DAFTAR ISI PRAKATA ................................................................................................................... i ABSTRAK ................................................................................................................... iii ABSTRACT ................................................................................................................. iv DAFTAR ISI ................................................................................................................ v DAFTAR GAMBAR ..................................................................................................... vii DAFTAR TABEL ......................................................................................................... viii DAFTAR LAMPIRAN .................................................................................................. ix DAFTAR ISTILAH ....................................................................................................... x BAB I PENDAHULUAN ............................................................................................... 1 1.1 Latar Belakang Masalah ....................................................................................... 1 1.2 Rumusan Masalah ................................................................................................ 3 1.3 Tujuan Pembahasan ........................................................................................................ 3 1.4 Ruang Lingkup Kajian ...................................................................................................... 4 1.5 Sumber Data.................................................................................................................... 4
1.6 Sistematika Penyajian ........................................................................................... 4 BAB II KAJIAN TEORI ................................................................................................ 6 2.1 Sistem Informasi ................................................................................................... 6 2.2 Bencana ................................................................................................................ 7 2.2.1 Defenisi Bencana ...................................................................................... 7 2.2.2 Klasifikasi Bencana ................................................................................... 7 2.3 Disaster Recovery Plan......................................................................................... 10 2.3.1 Tahapan Pembangunan Disaster Recovery Plan ..................................... 12 2.3.1.1 Risk Assessment .................................................................................... 13 2.3.1.2 Priority Assessment ............................................................................... 14 2.3.1.3 Strategy Assessment ............................................................................. 17 2.3.1.4 Plan Documenting .................................................................................. 20 2.4 Manajemen Resiko ............................................................................................... 20 2.4.1 Project Risk Management ......................................................................... 21 2.4.2 Operation Risk Management..................................................................... 22 2.4.3 Supply Chain Management ....................................................................... 22 2.4.4 Enterprise Risk Management .................................................................... 23 2.4.5 Business Continuity Plan .......................................................................... 23 2.4.5.1 Hubungan Business Continuity Planning dengan Disaster Recovery Plan............................................................................................................. 25 BAB III ANALISIS DAN PERANCANGAN................................................................... 28 3.1 Metode Analisis Resiko ......................................................................................... 28 3.2 Sejarah PT.ASKRINDO ........................................................................................ 28 3.2.1 Visi dan Misi .............................................................................................. 29 3.2.2 Tujuan Perusahaan ................................................................................... 29 3.2.3 Layanan Jasa-Jasa pada PT.ASKRINDO ................................................. 30 3.3 Proses Analisis Pada PT.ASKRINDO ................................................................... 30 3.3.1 Evaluasi Business Continuity Planning .............................................................. 30 3.3.2 Pengambilan Data ........................................................................................................ 31
Universitas Kristen Maranatha
3.4 Analisis Resiko ................................................................................................................ 31 3.5 Analisis Resiko Internal.................................................................................................... 32 3.5.1 Analisis Resiko dari segi teknis ............................................................................... 32 3.5.1.1 Gangguan Perangkat Keras ............................................................................ 32
3.5.1.1.1 Gangguan Pada Peralatan ............................................................ 32 3.51.1.2 Gangguan Pada Ketersediaan Daya ......................................................... 34 3.5.1.1.3 Gangguan pada perangkat Heating, Ventilation, and Air Conitioning (HVAC) system ................................................................... 34 3.5.1.2. Gangguan Perangkat Lunak ..................................................................... 35 3.5.1.3 Gangguan Pada Data.............................................................................. 36
3.5.1.4 Gangguan Pada Faktor Manusia ........................................................ 36 3.6 Analisis Resiko Eksternal ...................................................................................... 38 3.6.1 Analisis resiko dari Segi Lokasi .................................................................... 38 3.6.1.1 Bencana Badai .................................................................................... 38 3.6.1.2 Bencana Gempa ................................................................................. 39 3.6.1.3 Bencana Kebakaran ............................................................................ 39 3.6.1.4 Kerusakan Gedung ............................................................................. 40 3.6.2 Analisis Resiko Dari Segi Sosial ................................................................. 40 3.7 Analisis Tingkat Kebutuhan................................................................................... 41 3.8 Hasil Analisis......................................................................................................... 41 3.9 Perancangan ........................................................................................................ 42 3.9.1 Tahap Pembangunan ................................................................................. 43 3.9.2 Risk Assessment......................................................................................... 44 3.9.3 Analisis Kerugian ....................................................................................... 49 3.10 Priority Assessment ............................................................................................ 50 3.10.1 Priority Assessment Segi Arsitektur ......................................................... 50 3.10.1.1 Perangkat Keras .............................................................................. 50 3.10.1.2 Perangkat Lunak .............................................................................. 51 3.10.1.3 Jaringan .......................................................................................... 53 3.10.1.4 Data ................................................................................................. 54 3.10.1.5 Hasil Priority Assessment Segi Arsitektur ........................................ 55 3.11 Recovery Strategy Selection ............................................................................... 56 3.11.1 Respon Ancaman Dari Segi Lokasi ........................................................... 56 3.11.2 Lokasi cadangan (Mirror Site) ................................................................... 59 3.11.3 Infrastruktur Mirror Site ............................................................................. 61 3.11.4 Updating Data Mirror Site .......................................................................... 61 3.12 Plan Documenting ............................................................................................... 62 BAB IV EVALUASI ...................................................................................................... 64 4.1 Tujuan Evaluasi .................................................................................................... 64 4.2 Batasan Evaluasi .................................................................................................. 64 4.3 Analisis Hasil Evaluasi ..................................................................................................... 72
BAB V SIMPULAN DAN SARAN ................................................................................ 73 5.1 Kesimpulan ........................................................................................................... 73 5.2 Saran .................................................................................................................... 73 DAFTAR PUSTAKA .................................................................................................... 75
Universitas Kristen Maranatha
DAFTAR TABEL Tabel I Rincian nilai atribut priority assessment .......................................................... 15 Tabel II Perbandingan jenis strategi pemulihan data .................................................. 19 Tabel III Rincian pembobotan atribut bencana............................................................ 44 Tabel IV Rincian penilaian atribut resiko ancaman ..................................................... 46 Tabel V Bencana dan tingkat ancaman secara terurut ............................................... 47 Tabel VI Hasil Proses Perhitungan Priority Assessment ............................................. 54 Tabel VII Urutan Prioritas Elemen Arsitektur............................................................... 54 Tabel VIII Evaluasi Skenario Recovery Segi Lokasi ................................................... 62 Tabel IX Evaluasi Skenario Recovery Segi Teknis ..................................................... 64 Tabel X Evaluasi Skenario Recovery Segi Sosial ....................................................... 68
Universitas Kristen Maranatha
DAFTAR GAMBAR Gambar 1 Siklus DRP dalam memulihkan operasi ..................................................... 10 Gambar 2 Atribut Resiko Bencana.............................................................................. 12 Gambar 3 Elemen Bisnis Terkait dengan BCP dan DRP ............................................ 23
Universitas Kristen Maranatha
DAFTAR LAMPIRAN LAMPIRAN A
Pernyataan ...................................................................................... A.1
LAMPIRAN B
Daftar Pertanyaan Wawancara ....................................................... B.1
LAMPIRAN C
Rekapitulasi Wawancara ................................................................. C.1
LAMPIRAN D
Business Continuitp Plan Disaster Recovery Plan untuk PT.ASKRINDO ................................................................................ D.1
Universitas Kristen Maranatha
DAFTAR ISTILAH Istilah
Pengertian
Kemunculan pertama kali
Disaster Recovery Plan
Suatu
acuan
prosedur
yang
untuk
kejadian
yang
berisikan
Hal.2
merespon
mengakibatkan
hilangnya sumber daya sistem informasi
secara
bermakna
(bencana), menyediakan operasi cadangan selama sistem terhenti dan,
mengelola
proses
pemulihan serta penyelamatan sehingga mampu meminimalisir kerugian
yang
dialami
oleh
organisasi Manajemen
Resiko Berbagai
(Sistem Informasi)
resiko
proses
yang
penanganan
diperlukan
menyeimbangkan
Hal.3
untuk antara
operasional
serta
biaya
dibutuhkan
untuk
yang
melindungi
proses, serta mencapai tujuan untuk
melindungi
sistem
demi
kapabilitas kelangsungan
organisasi Business Plan
Continuity Suatu
metodologi
yang
Hal.22
digunakan untuk menghasilkan dan
memvalidasi
suatu
perencanaan dalam menangani bisnis
sebelum,
selama,
dan
sesudah terjadinya bencana dan kejadian yang menggangu.
Universitas Kristen Maranatha
Istilah
Pengertian
Kemunculan pertama kali
Business
Continuity
dirancang
untuk
proses
bisnis
penting
dari
bencana
Plan
melindungi
yang
dianggap
kerusakan
yang
terjadi
atau secara
alamiah atau perbuatan manusia, dan kerugian yang ditimbulkan dari
tidak
tersedianya
proses
bisnis normal Risk Assessment
Proses
identifikasi
ancaman-
Hal.11
ancaman yang mungkin terjadi, baik berasal dari dalam, maupun dari luar. Priority Assessment
Tahap
dilakukannya
suatu
Hal.11
penilaian prioritas pada setiap elemen-elemen bisnis yang ada pada
suatu
organisasi.
Hasil
penilaian prioritas tersebut akan dijadikan
acuan
dalam
menentukan yang mana elemenelemen
bisnis
diprioritaskan
yang
dinilai
penanganan
pemulihan ketika terjadi suatu bencana Heating, Ventilation and Perangkat
yang
Air Conditioning (HVAC) pemanas
ruangan,
system
terdiri
dari
Hal.33
sistem
ventilasi udara, serta pendingin ruangan
Universitas Kristen Maranatha
