Proposed Business Continuity Plan Information Technology using ISO 22301 And ISO 27031

Ari Cahaya Puspitaningrum


Majority of organizations have a high dependence on the role of information technology (IT). IT has a very important role for a business, so IT implementation needs to be protected from various threats and disruptions to avoiding IT failures and the occurrence of IT risks that will poor impact to business activities of the organization. To ensure the sustainability of the business, an organization needs to have a business continuity planning (BCP) document. BCP is a complete set of procedures to respond to the disruption of business operations effectively and efficiently, so that business can continue continuously. During all this time, not many organizations have awareness to the importance of good BCP implementation. It is caused by the lack knowledge how to design BCP document with comprehensive, included business impact analysis and prioritize critical business processes. Organizations without BCP implementation, would potentially loss profit, because they did not have any preparation in case of disaster related to information technology which has crusial role in business organizations. This indicated that BCP is important to be implemented throughout the organization for business to continue continuously as it reduces the negative impact of business interruptions. The output of this research is the proposed BCP in the oil and gas industry using ISO 22301:2012, ISO 27031:2011 references related to business continuity in information technology, and previous research on BCP elements.

Full Text:



J. J. Kassema, “Information Technology (IT) Contingency Plan as part of the Business Continuity Plan: Case of IT Services Delivery Industry,” SSRN Electron. J., Dec. 2019, doi: 10.2139/ssrn.3496143.

P. Kirvan, “Ten business continuity risks to monitor in 2018,” 2018. .

S. Fani and A. Subiadi, “Trend of Business Continuity Plan: A Systematic Literature Review,” Feb. 2020, doi: 10.4108/eai.13-2-2019.2286164.

F. Sambo and F. O. Bankole, “A normative Process Model for ICT Business Continuity Plan for Disaster Management in small, Medium and Large Enterprises,” Int. J. Electr. Comput. Eng., vol. 6, no. 5, pp. 2425–2431, 2016, doi: 10.11591/ijece.v6i5.11461.

J. Botha and R. Von Solms, “A Cyclic Approach to Business Continuity Planning,” Inf. Manag. Comput. Secur., vol. 12, no. 4, pp. 328–337, 2004, doi: 10.1108/09685220410553541.

IEEE Computer Society., “Business Continuity Planning (BCP) Methodology – Essential For Every Business,” 2011.

ADRC, “Business Continuity Planning ( BCP ) Survey Results and Analysis for the APEC Region,” Asian Disaster Reduct. Cent., no. Aug, 2011.

Mercer’s Business Responses to the COVID-19 Outbreak Survey, “51% of Organizations Have No Business Continuity Plan to Combat Coronavirus,” 2020. [Online]. Available:

M. Niemimaa and J. Järveläinen, “IT Service Continuity: Achieving Embeddedness Through Planning,” Proc. - 2013 Int. Conf. Availability, Reliab. Secur. ARES 2013, pp. 333–340, 2013, doi: 10.1109/ARES.2013.45.

K. Roush, A. Opsahl, K. Parker, and J. Davis, “Business Continuity Planning:: An Effective Strategy During an Electronic Health Record Downtime,” Nurse Lead., vol. 19, no. 5, pp. 525–531, 2021, doi: 10.1016/j.mnl.2021.01.003.

A. Setiawan, A. Wibowo, and A. H. Susilo, “Risk Analysis on The Development of a Business Continuity Plan,” Proc. 2017 4th Int. Conf. Comput. Appl. Inf. Process. Technol. CAIPT 2017, vol. 2018-Janua, pp. 1–4, 2018, doi: 10.1109/CAIPT.2017.8320736.

I. Setiawan, R. Waluyo, and W. A. Pambudi, “Perancangan Business Continuity Plan dan Disaster Recovery Plan Teknologi dan Sistem Informasi Menggunakan ISO 22301,” J. RESTI (Rekayasa Sist. dan Teknol. Informasi), vol. 3, no. 2, pp. 148–155, 2019, doi: 10.29207/resti.v3i2.911.

G. W. Pramudya and A. N. Fajar, “Business Continuity Plan using ISO 22301:2012 in IT solution company (pt. ABC),” Int. J. Mech. Eng. Technol., vol. 10, no. 2, pp. 865–872, 2019.

J. W. Creswell, “Qualitative Inquiry and Research Design: Choosing among Five Traditions,” SAGE Publications, London., 1998.

Yin, R.K., “Case Study Research Design and Methods,” COSMOS Corporation, Washington., 1989.

International Standards Organization, “ISO/IEC 22301,” 2011.

T. S. Preview, “International Standard ISO / IEC Information Technology — Security Techniques — Information Security Management Systems — Guidance iTeh Standard Preview iTeh Standard Preview,” vol. 2017, 2017.

R. L. Tammineedi, “Business Continuity Management: A Standards-based Approach,” Inf. Secur. J., vol. 19, no. 1, pp. 36–50, 2010, doi: 10.1080/19393550903551843.

S. A. Torabi, R. Giahi, and N. Sahebjamnia, “An Enhanced Risk Assessment Framework for Business Continuity Management Systems,” Saf. Sci., vol. 89, pp. 201–218, 2016, doi: 10.1016/j.ssci.2016.06.015.

S. V. Seyed Shamseddin Alizadeh, Y Rasoulzadeh, P Moshashaie, “Failure Modes and Effects Analysis (FMEA) Technique: A Literature Review,” Sci. J. Rev., no. January, 2015, doi: 10.14196/sjr.v4i1.1805.

S. Snedaker, Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd ed. USA: Elsevier Inc, 2014.


Article Metrics

Abstract view : 850 times
PDF - 349 times


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.