Risk Analysis of Business Continuity Plan in Light Steel Company Using ISO 31000 Framework
Abstract
Light Steel Company is an industry engaged in manufacturing, has adopted technology and has a data center. The purpose of this study is to provide a guide and strategy for preventing risks and actions to minimize and overcome risks that can be used and implemented, so that the company's business processes can continue to run sustainably. This study uses Business Continuity Plan (BCP) using ISO 31000. Data collection is used by an interviewing employee who works at this organization. The analysis shows there are 15 possible risks that will hinder the operation of Light Steel companies based on the risk level high, medium, and low categories. High risk level is 26.7%, there are 4 possible risks, namely R05 (Loss of spare parts), R06 (Unscheduled maintenance and care for trucks and equipment spare parts), R10 (Server down) and R012 (Network connection problems). Medium risk level is 26.7%, there are 4 possible risks, namely R02 (flood), R07 (Cybercrime), R08 (Hacking), and R011 (Sudden power outage). Finally for low risk level is 46.6%, there are 7 possible risks, namely R01 (Earthquake), R03 (Dust), R04 (Fire), R09 (Abuse of access rights), R13 (Overheat), R14 (Data Corrupt), and R15 (Virus Attack, Malware).
Downloads
References
Y. Gao and D. Xu, “Exploration of Dance Teaching Mode Based on the Information Technology Era,” Front. Art Res., vol. 3, no. 3, pp. 32–35, 2021, doi: 10.25236/far.2021.030307.
M. El Khatib, “BIM As a Tool To Optimize And Manage Project Risk Management,” Int. J. Mech. Eng., vol. 7, no. 1, pp. 6307–6323, 2022.
J. J. Kassema, “Information Technology (IT) Contingency Plan as part of the Business Continuity Plan: Case of IT Services Delivery Industry,” SSRN Electron. J., 2019, doi: 10.2139/ssrn.3496143.
S. Fani and A. Subiadi, “Trend of Business Continuity Plan: A Systematic Literature Review,” ICBLP, no. 2019, 2020, doi: 10.4108/eai.13-2-2019.2286164.
J. A. R. C. Jayalath and S. C. Premaratne, “Analysis of Key Digital Technology Infrastructure and Cyber Security Consideration Factors for Fintech Companies,” Int. J. Res. Publ., vol. 84, no. 1, pp. 128. – 135, 2021, doi: 10.47119/ijrp100841920212246.
S. V. Fani and A. P. Subriadi, “Business Continuity pPan: Examining of Multi-Usable Framework,” Procedia Comput. Sci., vol. 161, pp. 275–282, 2019, doi: 10.1016/j.procs.2019.11.124.
I. Mas’ud and R. Salsabila, “Perancangan Business Continuity Plan Pada PT. XYZ,” J. Sist. Inf. dan Sains Teknol., vol. 3, no. 1, pp. 1–14, 2021, doi: 10.31326/sistek.v3i1.803.
M. R. Purnama, M. B. Adityawan, K. S. Pribadi, M. Farid, Widyaningtias, and A. A. Kuntoro, “Tsunami Risk Assessment in Business Continuity Planning for Palu Special Economic Zone,” IOP Conf. Ser. Earth Environ. Sci., vol. 1065, no. 1, 2022, doi: 10.1088/1755-1315/1065/1/012053.
I. Setiawan, R. Waluyo, and W. A. Pambudi, “Perancangan Business Continuity Plan dan Disaster Recovery Plan Teknologi dan Sistem Informasi Menggunakan ISO 22301,” J. RESTI (Rekayasa Sist. dan Teknol. Informasi), vol. 3, no. 2, pp. 148–155, 2019, doi: 10.29207/resti.v3i2.911.
B. Prieto, “Enterprise Risk Management in the Engineering and Construction,” PM World J., vol. XI, no. V, pp. 2330–4480, 2022.
E. C. Ali and N. C. Ali, “Business Continuity Plan of the Micro and Small Enterprises in Cotabato City during the COVID-19 Pandemic and Its Effect to Business Performance,” Eur. J. Bus. Manag. Res., vol. 8, no. 3, pp. 124–127, 2023, doi: 10.24018/ejbmr.2023.8.3.1916.
A. Berrichi and Z. Azarkan, “Business Continuity Plan facing COVID-19 : From necessity to Alterities Business Continuity Plan facing COVID-19 :,” HAL oepn Sci., vol. 2, no. 4, pp. 597–617, 2021, doi: 10.5281/zenodo.5149419.
F. T. Kurniati and R. R. Huizen, “Sosialisasi Strategi Business Continuity Plan Memasuki Era Baru (New Normal),” War. LPM, vol. 24, no. 4, pp. 788–798, 2021.
T. F. Rahardian and A. F. Wijaya, “Risk Analysis of Web-Based Information Systems on CV Mega Komputama Uses ISO 31000,” J. Inf. Syst. Informatics, vol. 4, no. 2, p. 442, 2022.
E. Evinia and M. N. N. Sitokdana, “Risk Management Based IT Analysis Using ISO 31000 (Case Study: PT Bawen Mediatama),” J. Inf. Syst. Informatics, vol. 5, no. 1, pp. 380–390, 2023, doi: 10.51519/journalisi.v5i1.420.
F. A. Alijoyo, “The use ISO 31000:2018 in Indonesian Fintech Lending Companies: What Can We Learn?,” J. Bus. Manag. Stud., vol. 4, no. 1, pp. 16–22, 2022, doi: 10.32996/jbms.2022.4.1.3.
J. F. Andry, N. Karepowan, and H. Tannady, “Disaster Recovery Planning for It/Is of Hospitality Industry Using Nist Sp 800-34 Rev.1 Method,” J. Theor. Appl. Inf. Technol., vol. 102, no. 8, pp. 3562–3569, 2024.
D. Y. Bernanda, Y. Charolina, O. Azhari, C. Pangrestu, and J. F. Andry, “Identification of Potential and Planning for Disaster Recovery Using the Iso/Iec 24762 Standard At Xyz University,” J. Teknoinfo, vol. 17, no. 1, p. 140, 2023, doi: 10.33365/jti.v17i1.2295.
J. F. Andry, H. Tannady, G. D. Rembulan, Gerry, and Honni, “Disaster Recovery Design at Higher Education Institutional Using ISO 27021 Method.pdf,” Soc. Sci. J., vol. 12, no. 5, pp. 1211–1217, 2022.
J. F. Andry, L. Liliana, H. Tannady, and A. S. Arief, “Data Centre Risk Analysis Using ISO 31000:2009 Framework,” J. Phys. Conf. Ser., vol. 2394, no. 1, 2022, doi: 10.1088/1742-6596/2394/1/012032.


Copyright (c) 2024 Journal of Information Systems and Informatics

This work is licensed under a Creative Commons Attribution 4.0 International License.
- I certify that I have read, understand and agreed to the Journal of Information Systems and Informatics (Journal-ISI) submission guidelines, policies and submission declaration. Submission already using the provided template.
- I certify that all authors have approved the publication of this and there is no conflict of interest.
- I confirm that the manuscript is the authors' original work and the manuscript has not received prior publication and is not under consideration for publication elsewhere and has not been previously published.
- I confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
- I confirm that the paper now submitted is not copied or plagiarized version of some other published work.
- I declare that I shall not submit the paper for publication in any other Journal or Magazine till the decision is made by journal editors.
- If the paper is finally accepted by the journal for publication, I confirm that I will either publish the paper immediately or withdraw it according to withdrawal policies
- I Agree that the paper published by this journal, I transfer copyright or assign exclusive rights to the publisher (including commercial rights)