Academy & Industry Research Collaboration Center (AIRCC)

Volume 11, Number 22, December 2021

Risk Analysis in the Preparation of a Business Continuity Plan (BCP)
in it Services: a Case Study of Universitas Indonesia


Akmal Gafar Putra, Betty Purwandari and Farisya Setiadi, Universitas Indonesia, Indonesia


Based on the Horizons Scan Report 2021 by BSI, the top 6 threats to organizations today are pandemics, health incidents, safety incidents, IT and telecommunications outages, cyberattacks, and extreme weather. Universitas Indonesia (UI), as a modern, comprehensive, and open campus, strives to become a leading research university globally. As the IT service manager at UI, the Directorate of Information Systems and Technology (DSTI) has the task of strengthening service management by implementing risk management and security management in line with relevant laws and policies. The main problem for DSTI as an IT service at UI is that there are no documents related to risk management and information security management, resulting in IT services’ failure. This year, there have been four data center failures due to power and UPS problems. DSTI wants to improve IT services at UI by implementing risk management and Business Continuity Management System (BCMS). This study aims to conduct a risk analysis to design a Business Continuity Plan (BCP) for IT services at the University of Indonesia. The research was conducted using mix method. The OCTAVE qualitative method was carried out in finding a list of risks on critical assets in IT services at UI. A quantitative approach is needed to rank the risk list using a questionnaire and FMEA calculations to get a risk priority number. This study separates the risk of general assets and information system assets. For critical assets, it is generally found that two are at a very high level, one is high, eight risks are at a low level, and 12 are at a very high level, for information system assets found 12 assets with very high risk, three medium and one low.


Risk Analysis, OCTAVE, FMEA, ISO 22301:2019, Business Continuity Plan.