// <![CDATA[PERANCANGAN BUSINESS CONTINUITY PLAN DAN DISASTER RECOVERY PLAN DI UPT - TIK BERDASARKAN HASIL PENGUKURAN MENGGUNAKAN COBIT 2019]]> 0425066801 - Mira Musrini Barmawi , S.Si, MT. Dosen Pembimbing 1 120231001 - Asep Rizal Nurjaman, S.Kom., M.Kom. Dosen Pembimbing 2 TRI RAHAYU PURWANTI / 162021031 Penulis
Teknologi informasi memiliki peran penting dalam mendukung operasional akademik dan bisnis di Perguruan Tinggi, namun penerapannya juga menghadirkan risiko seperti gangguan teknis, bencana alam, maupun insiden keamanan informasi yang dapat merugikan finansial, reputasi, serta keberlangsungan proses bisnis. Oleh karena itu, diperlukan evaluasi tata kelola TI guna memastikan keselarasan dengan tujuan organisasi. Pengumpulan data dilakukan melalui studi literatur, wawancara, observasi secara langsung, dan kuesioner yang dianalisis menggunakan COBIT Process Assessment Model (PAM) dan Design Guide. Hasil evaluasi menunjukkan kapabilitas pada domain DSS04 – (Managed Continuity) pada level 1 dengan capaian 51% (Largely Achieved) dan gap sebesar 2 level dari target. Mengindikasikan perlunya peningkatan pada Managed Continuity. Berdasarkan temuan tersebut, dilakukan perancangan Business Continuity Plan (BCP) dan Disaster Recovery Plan (DRP) mengacu pada ISO 22301:2012 dengan identifikasi risiko menggunakan metode OCTAVE dan FMEA. Hasil analisis menemukan 17 risiko dengan 37 analisis dampak bisnis serta penentuan MTD, RPO, dan RTO dan strategi untuk mengatasi risiko. Information technology plays an important role in supporting academic and business operations in higher education institutions; however, its implementation also presents risks such as technical disruptions, natural disasters, and information security incidents that may affect finances, reputation, and business continuity. Therefore, it is necessary to evaluate IT governance to ensure alignment with organizational objectives. Data collection was carried out through literature review, interviews, direct observations, and questionnaires, which were analyzed using the COBIT 2019 Process Assessment Model (PAM) and Design Guide. The evaluation results show that the capability of domain DSS04 – Managed Continuity is at level 1 with an achievement of 51% (Largely Achieved) and a gap of two levels from the target, indicating the need for improvement in Managed Continuity. Based on these findings, a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) were designed with reference to ISO 22301:2012, with risk identification conducted using the OCTAVE and FMEA methods. The analysis identified 17 risks with 37 business impact assessments, as well as the determination of MTD, RPO, and RTO along with strategies to mitigate the risks