Performance Evaluation of Business Continuity Plan in Dealing with Threats and Risks in Cilegon Companies Use ISO 22301:2019 & NIST Sp 800-30 R1 Frameworks Case Study: PT. X

Abstract

This research was conducted at PT.X which is located in Cilegon, Merak-Banten. Seeing the geographical location of PT.X which is in a disaster-prone area, the company must ensure an effective business continuity process. In accordance with government regulations on Electronic-Based Government Systems (SPBE) related to corporate and government business activities, companies must be able to ensure business continuity in every condition that poses a threat and risk, but with no specific obligation that is the basis for the company's business continuity if it does not have a Business Continuity Plan (BCP) process, it will get a sanction. The purpose of this research is to evaluate the existing BCP process at PT X Cilegon and provide recommendations for a standardized BCP framework in the company to ensure business continuity as the company's Business Continuity Management System (BCMS) to avoid all threats and risks. BCP has standards regulated in ISO 22301: 2019 as its framework, and in BCP there is a risk analysis process and this research will be carried out using the NIST SP 800-30 Revision 1 method as its best practice. The evaluation results show that the previous BCP process at PT X Cilegon was not in accordance with the standards and the risk analysis carried out was still based on the ISO that the company had implemented but not ISO 31000 which is the risk management standard, so this study provides recommendations for a BCP framework that is in accordance with the standards and risk analysis with risk analysis methods that produce risk priorities.