Soft System methodology

Amanda Wardin 1906366551

Fitri Yani Rossa Safira 1906295795
Lely Cahyani 1906295883
Mia Silvia 1906387796
Saffana Putri Andriana 1906387644
Shalva Fadhilla 1906296072
 TABLE OF CONTENTS
01 02 03
The Problem SITUATION Rich Picture Root Definition

04 06
Conceptual Models Feasible & desirable

05
Changes
07
Action to improve the
Comparison OF 4 with 2 situation
The problem
situation
 The public was shocked by the news of leaks of hundreds of
millions of population data that were traded online.
Spokesperson for the Ministry of Communication and
Informatics (Kominfo) Dedy Permadi said the characteristics of
the leaked data were "strongly suspected to be identical to BPJS
Health data", including card numbers, office codes, family data
/ data of dependents, and payment status.

Source : https://tirto.id/masalah-bpjs-kesehatan-tak-hanya-kebocoran-data-tapi-juga-hal-lain-ggjd
 The problem
situation expressed
Rich picture holon
1. Improve and strengthen security
systems, Executive director BPJS

2. Improve human resources and

technology and ratify the protection
data personal laws, CEO of Menara
Digital

3. Mitigate things that will interfere

safety data in service process and
administration, President director
BPJS

4. Block all sites and links that related

to the leaked data, Kominfo
Root definition
 Root definitions
X: Handling BPJS Kesehatan data leakage effectively

Y: BPJS Kesehatan Programs to handle data leakage effectively:

- Enhancing the protection and resilience of Information Technology (IT) security
systems against potential data security intrusions
- Mitigation of things that interfere with data security in the service and
administration process
- Preparation of contingency plans with a business continuity management
approach
- Strategic cooperation with BSSN and other professional institutions / parties

Z: Minimal risk and impact from re-leaking of BPJS data

Source: https://nasional.kompas.com/read/2021/05/25/21535611/bpjs-kesehatan-laporkan-kasus-kebocoran-data-ke-bareskrim-polri?page=all
 CATWOE ANALYSIS
C: Indonesian residents

A: BPJS Kesehatan (in cooperation with helping parties: BSSN, KOMINFO, etc.)

T: Handling BPJS Kesehatan data leakage effectively

Input: Leakage of population data at BPJS Kesehatan
Output: Minimal risk and impact from re-leaking of BPJS data

W: BPJS Kesehatan data leakage endangers the Indonesian population and

their trust towards BPJS

O: BPJS Kesehatan

e: Limited high-quality human and technological resources, the dynamics of

the hacking world
Conceptual model
Comparison of 4 with 2
COmparison of 4 with 2
ACTIVITIES HAVE/NOT HAVE CURRENT RECOMMENDATI COMMENTARY
MECHANISM ON

Identify all sensitive have Barestim team of Polri The ascertainment of

data would call out of the the problem must be
Ali Ghufron Mukti for investigated carefully
the asked for
information regarding
the alleged data leak

Limit access to not have - Make regulations for BPJS company should
customer’s most not anyone to be able make sure at least only
valuable data to access important certain people and
data certain divisions can
access important data
third party vendor not have - Make regulations data information is
must comply data and actions against very important so
security rules those who violate that the punishment
them needs to be made
carefully

Build a strong and not have - make the system -

secure IT strong and difficult
infrastructure to break into and
periodically update
that system

Regular audit on have BPJS company carry out firm -

security posture have the regulation checks on the audit
audit by 7 institution process
outside the DPR

conduct a not have - conduct training on letting employee

employee security the importance of know that data is
awareness training data by ensuring very important
employees know
the consequences
Feasible & Desirable
changes
In dealing with data leakage
effectively, Kominfo can rely on
Government Regulation No. 71 of
2019, UU ITE, and PM Kominfo
regarding the protection of personal
data as basis for prevention and
investigation. Kominfo can increase
personal data protection efforts by
responding quickly to blocked sites
and links that are allegedly
facilitating the sale of personal data.
Then the authorities must carry out an
examination that focuses on the root of
the problem, because we have to find
out whether this is caused by hackers or
purely due to human error, this is done
in order to create a political system in
achieving confidentiality, integrity, and
availability. If the data leak reoccurs, it
will cause a very crucial problem where
there can be a change of identity
number (change in NIK). Therefore,
these precautions can be taken to solve
the problem of data leakage
Action to improve
the situation
 Developing regulation audit that has
been made! Implement in starting back
to the initial stage.
 REFERENCES
● https://tekno.kompas.com/read/2020/05/22/12510027/ini-kata-menkominfo-
soal-dugaan-kebocoran-data-200-juta-warga-indonesia?page=all
● https://tekno.kompas.com/read/2020/05/22/12510027/ini-kata-menkominfo-
soal-dugaan-kebocoran-data-200-juta-warga-indonesia?page=all
● https://nasional.kompas.com/read/2021/05/25/21535611/bpjs-kesehatan-lap
orkan-kasus-kebocoran-data-ke-bareskrim-polri?page=all
● https://www.medcom.id/nasional/peristiwa/MkMq3BDk-pihak-ketiga-dinilai-bi
sa-menyumbang-kebocoran-data-peserta-korporasi