
BUSINESS IMPACT ANALYSIS

[Date of Report]
CONTENTS:

1 BIA Information:
   • Dates
   • Document controls
   • BIA Sign Off
   • Date of next BIA Review

2 Business/Service contact information

3 Service structure:
   • Structure chart
   • Staff and location details

4 Stakeholders & Dependencies Analysis

5 Critical Functions Analysis
   • Overall Goal of business/service
   • Functions involved
   • Impact of individual business functions
   • Vital resources for individual business functions

6 Single Points of Failure for Business/Service

7 Key Timed Deliverables for Business/Service

8 Risk Assessment
   • General risk management approach
   • Management of high risks

9 Business Continuity Planning
   • BC Planning
   • Plan Testing
   • Additional BC Support

10 Recommendations

Page 2 of 23
Section 1: BIA INFORMATION AND DOCUMENT CONTROLS

Date of BIA: 7 March 2016

Version number & type (e.g. draft, final etc): 3.0

File path/location: TI-IK-Aplikasi-DRP-Admin, TI-IK-Aplikasi-DRP-Sinfo

Date of BIA Review: 7 March 2016

Details of Staff Involved in BIA Process

Name | Role | Tel/email
Dodi Apriananta | DRP Team Leader | 08186586200, dodia@ptpjb.com
Ilham Riyanto | Network Manager & Emergency Response | 08155069060, ilham@ptpjb.com
Bambang Prastyo Wibowo | Recovery Manager | 08155075276, b.prastyo@ptpjb.com

DOCUMENT CONTROL

Date | Revision/Amendment Details & Reason | Author
13-12-2004 | Initial Version | M. Agustian
16-04-2012 | V2.0 Update VPN | M. Agustian
07-03-2016 | Contact, Organization Chart, Risk Register | Harnanto W.N.

This section details the current version and previous updates


BIA SIGN OFF

Are any changes expected in the service that might impact on the BIA data?

If Yes, please give further details. This might include things like a forthcoming restructure, acquisition of a new premises etc that might prompt the BIA to be updated before the next scheduled review.
Name and Title of person signing off BIA: Dodi Apriananta (IT Senior Manager)

Signature Date

Section 2: SERVICE CONTACT INFORMATION

The following information is important because it can provide you with a lot of the data that will be
needed when you populate your Business Continuity Plan

2.1 Name of Function: Information Technology

2.2 Name of Department: Bidang Teknologi Informasi (BTI)

2.3 Name Of Head of Department: Dodi Apriananta

2.4 Name of Head of Function:

Job Title: Senior Manager IT, 08186586200

2.5 Alternative Service Contact 1: Ilham Riyanto

Job Title: IT Operations & Services Manager, 08155069060

2.6 Alternative Service Contact 2: Bambang Prastyo Wibowo

Job Title: Senior Specialist, 08155075276

Add more lines if you need them, and change the headings if they are not appropriate to your
organisation e.g. if your organisation has a different structure to the one listed.

Section 3: SERVICE STRUCTURE

3.1 Structure Chart

Please insert current departmental/organisational structure chart, (if available) which shows the
location of the service/team to other services/teams operated.

Alternatively you could give a brief description of the position of this service in the departmental
structure. The reason for gathering this information is that it ensures that details for a particular
aspect of your organisation are not forgotten in error as you go through the BC Planning process.

[Figure: organisation chart of the Direktorat Pengembangan & Niaga (Development & Commerce Directorate), showing the Direktur Pengembangan & Niaga, the Fungsional Ahli, the Senior Manajer positions and the Manajer positions reporting to them.]

3.2 Staff Numbers and Locations

Give details of locations from which your business/service(s) is/are delivered or managed and the approximate numbers of staff based in each location.
(Add/delete additional rows as required). Please also indicate whether staff could work remotely and whether arrangements to do so are already in place.
Information like this is useful because it can help identify alternative premises or ways of working that might be available to your organisation, particularly if
it operates from more than one building. If you have more than one site, you might want to think about multiple business continuity plans that are site-
specific.

No. | Location | Building owner if known | Shared building? Y/N | Number of staff based in/working from location | Number of staff that could work remotely/from home | Number of staff that can work at an alternative site | Details of alternative working arrangements that are in place
1 | Head Quarter | PT PJB | Y | 23 | 12 | 3 |
2 | Representative Office (DRC) | PT PLN | Y | 2 | 1 | 2 |
3 | Gresik Power Plant | PT PJB | Y | 2 | 2 | 2 |
4 | Paiton Power Plant | PT PJB | Y | 2 | 2 | 2 |
5 | Brantas Power Plant | PT PJB | Y | 2 | 2 | 2 |
6 | Muara Karang Power Plant | PT PJB | Y | 2 | 2 | 2 |
7 | Muara Tawar Power Plant | PT PJB | Y | 2 | 2 | 2 |
8 | UPHB | PT PJB | Y | 2 | 2 | 2 |
9 | UPHT | PT PJB | Y | 2 | 2 | 2 |

Section 4: STAKEHOLDERS & DEPENDENCIES

Taking into account the above information, you now need to identify who you depend upon to deliver your service functions (dependencies) and also who
relies on your function being delivered successfully (dependents). This enables contingency arrangements to be set up as appropriate e.g. who needs to
be informed if the functions are not available? Do you need to check the contingency arrangements of your key supplier(s) to ensure they can continue to
meet your needs in the event of an incident affecting them? If you have more than one key supplier, they each need to be considered separately in the
table below.

Columns: Stakeholder Name (amend/add to as required) | Internal | External | Relationship to function (tick all that apply): Dependency (Required for delivery of function), Dependent (Depends on delivery of function), Interested Party (Needs to be informed) | Comments e.g. if relevant for a particular function in the business

Staff: 2402 PJB’s Employee
Regulator: PLN, Government
Service Users/Customers: All units and departments of PJB √
Accountant:
Key supplier(s):

Section 5: CRITICAL FUNCTIONS ANALYSIS

5.1 Service Provision Aims and Functions: What is/are the main aims/overall goal(s) of your business/service?

The mission is to provide and manage information technology services effectively and efficiently to meet the level of service the company's
business needs

5.2 What functions in your business/service are involved in delivering this overall aim? What is the outcome/end result of the
function being delivered? (Add additional rows if required)

Think of a function as being an aspect of your whole business that, combined with other functions enables the overall aim to be achieved

Ref | Function Name | Outcome of function being delivered | Priority Rating (to be completed following impact assessment in 4.3)
F1 | IT Infrastructure | IT Operation | 1
F2 | Application Service | Application services can be accessed | 2
F3 | Helpdesk | Service Desk | 3
F4 | Administration | Correspondence | 4
F5 | IT Development | Application Development & Business Analyst | 5
F6 | | |

5.3 Impact of Business Functions

This section asks you to describe the impact of not delivering each of the business functions you identified in section 4.1. For further information on the
disruption categories, please see Appendix A. If your organisation has more than 1 function, complete additional continuation sheets for each function

F1: IT Infrastructure | Priority Rating: 1

Specific Impact of Disruption: The categories here are just suggestions and you will need to change them to meet your needs. What is useful is to assess each function against the same impact headings.
Impact over time: Tick where & when you consider serious impact will occur. The times below are just a suggestion and you will need to change them to meet your needs (1hr, 3hrs, 1 day, 3 days, 1week, 1month).
Comments/justification (where an impact over time has been identified): Give some further information about why you have decided upon the 'impact over time rating' that you have assigned.

Security & Safety: x x x x
Reputation: x x x
Negligible/None: x x
Financial Loss: x x x
Legal Issues/Regulatory Impact: x
Customer/Client Impact: x x
F2: Application Service | Priority Rating: 2

Specific Impact of Disruption: The categories here are just suggestions and you will need to change them to meet your needs. What is useful is to assess each function against the same impact headings.
Impact over time: Tick where & when you consider serious impact will occur. The times below are just a suggestion and you will need to change them to meet your needs (1hr, 3hrs, 1 day, 3 days, 1week, 1month).
Comments/justification (where an impact over time has been identified): Give some further information about why you have decided upon the 'impact over time rating' that you have assigned.

Security & Safety: x x x x
Reputation: x x x
Negligible/None: x x
Financial Loss: x x x
Legal Issues/Regulatory Impact: x
Customer/Client Impact: x x
F3: Helpdesk | Priority Rating: 3

Specific Impact of Disruption: The categories here are just suggestions and you will need to change them to meet your needs. What is useful is to assess each function against the same impact headings.
Impact over time: Tick where & when you consider serious impact will occur. The times below are just a suggestion and you will need to change them to meet your needs (1hr, 3hrs, 1 day, 3 days, 1week, 1month).
Comments/justification (where an impact over time has been identified): Give some further information about why you have decided upon the 'impact over time rating' that you have assigned.

Security & Safety: x
Reputation: x
Negligible/None: x x x x x
Financial Loss: x
Legal Issues/Regulatory Impact: x
Customer/Client Impact: x
F4: Administration | Priority Rating: 4

Specific Impact of Disruption: The categories here are just suggestions and you will need to change them to meet your needs. What is useful is to assess each function against the same impact headings.
Impact over time: Tick where & when you consider serious impact will occur. The times below are just a suggestion and you will need to change them to meet your needs (1hr, 3hrs, 1 day, 3 days, 1week, 1month).
Comments/justification (where an impact over time has been identified): Give some further information about why you have decided upon the 'impact over time rating' that you have assigned.

Security & Safety: x
Reputation: x
Negligible/None: x x x x x
Financial Loss: x
Legal Issues/Regulatory Impact: x
Customer/Client Impact: x
F5: IT Development | Priority Rating: 5

Specific Impact of Disruption: The categories here are just suggestions and you will need to change them to meet your needs. What is useful is to assess each function against the same impact headings.
Impact over time: Tick where & when you consider serious impact will occur. The times below are just a suggestion and you will need to change them to meet your needs (1hr, 3hrs, 1 day, 3 days, 1week, 1month).
Comments/justification (where an impact over time has been identified): Give some further information about why you have decided upon the 'impact over time rating' that you have assigned.

Security & Safety: x
Reputation: x
Negligible/None: x x x x x
Financial Loss: x
Legal Issues/Regulatory Impact: x
Customer/Client Impact: x

5.4 Recovery Time Objectives and Recovery Point Objectives


This section asks you to identify the ‘Recovery Time Objectives’ (RTO) and the ‘Recovery Point Objectives’ (RPO) for each business/service function. It is
important to give these areas some thought because they will help you to determine the priorities for recovery, the minimum resources required for
recovery and the order of recovery for the different functions.

Function | Recovery Time Objective | Comments
IT Infrastructure | 1 day |
Application Service | 3 days |
Helpdesk | 1 month |
Administration | 1 month |
IT Development | 1 month |

For the different systems used by your organisation, it is useful to consider the RPO. This describes the point in time to which data must be restored in order
to be acceptable to the owner(s) of the processes supported by that data. This is often thought of as the time between the last available backup and the
time a disruption could potentially occur. The RPO is established based on the agreed tolerance for loss of data or re-entering of data.

Function | Recovery Point Objective (B / R / K / F) | Comments
IT Infrastructure | X | Choose the most appropriate response
Application Service | X |
Helpdesk | X |
Administration | X |
IT Development | X |

KEY
B Last back-up (generally the previous close of business)
R Replication (intraday)
K Last KeyStroke (realtime)
F Functionality only (data backup not required)
5.5 Vital Resources Required for Function F1 [Name of function as detailed in section 4.1]

This section asks you to list the resources required to restore a function against what you normally use. Then, when you are planning you can ensure that
you have available or can quickly obtain the resources that are needed to restore the function. It is useful to communicate any relevant findings of this
section with IT service providers (either internal or external) to help specify your technology requirements and the service levels you would expect in a
recovery situation.
You can add/remove resource types according to the needs of your organisation
Resource Type | Normal Requirement | Requirement by timescale in Disruption (1hr / 3hrs / 1 day / 3 days / 1week / 1month) | Impact upon the function if this resource is unavailable (Low / Medium / High) | What kind of contingency arrangement is in place to manage the loss of the resource? Write the word Formal/Informal/None as appropriate
Staff | 40 | 5 / 10 / 15 / 25 / 30 / 40 | X |
Buildings (e.g. for delivery of frontline service) | 2 | 1 / 1 / 1 / 1 / 1 / 1 | X |
Work station (Desk, PC & Telephone) | 40 | 5 / 10 / 15 / 25 / 30 / 40 | X | All staff set up to work from home
Specialist IT applications (please specify) | 40 | 5 / 10 / 15 / 25 / 30 / 40 | X |
Specialist equipment
Data

10 Mbps 1 2 2 3 5 10 X
Internet Access
40
Networked PCs
30
Laptops
15
Landlines
40
Mobile Phones
Fax Machine
1
Work Vehicles
2 2 2 2 2 2 2 X
9 1 1 1 1 1 1 X
Office Space (e.g.
customer reception
points, trading
premises, storage
space)
40 5 10 15 25 30 40 X
Car Parking

Section 6: SINGLE POINTS OF FAILURE

This section asks you to identify any ‘single points of failure’ for your organisation so adequate contingency measures can be put in place. Using the
information in the vital resources and stakeholder sections indicate any factors that, if they were not available would mean that your service could not
operate.

Name of Function | Officer responsible | Resource e.g. specially trained staff, a supplier, a piece of equipment etc that the function could not operate without | Back up arrangements in place (state whether formal or informal) | Suggestions for improving resilience
Ellipse | Ilham Riyanto | Infrastructure staff and system administrator | Disaster Recovery Center options established
Email | Ilham Riyanto | Infrastructure staff and system administrator | Disaster Recovery Center options established

Section 7: KEY TIMED DELIVERABLES

There may be aspects of your service that are essential and must be delivered; these functions may also be more crucial at certain times of the month/year
etc. Please indicate below where there are any such requirements. This helps identify where you might want to see recovery priorities focused and/or
changed in your BC plan. Examples might include where there is a statutory duty for you to deliver a service or an activity that only takes place at a certain
time of year and to not deliver these duties would create a serious issue for your organisation to cope with.

Key Deliverable | Function responsible for key deliverable (as listed in 4.1) | Day and Time Due | Impact if not delivered (Low/Medium/High + rationale)

* You may only wish to complete Section 8 and Section 9 if they are relevant to the structure of your
organisation. *
Section 8: RISK ASSESSMENT

The purpose of this section is to link business continuity planning with existing risk management in your organisation. Have you forgotten to deal with any
risks? Do any risks present a business continuity issue? For example, you may have identified that a key risk for your organisation is the fact that your
office is based near a flood area. Your business continuity strategy might be to regularly check flood alerts and organise measures that protect the building
if a flood is expected.

8.1 Please describe the risk assessment and management approach you have taken

Self assessment

8.2 High Risks: Please list the risks that have been identified as high for your organisation/department and how these have been
managed or treated
Your risk register reference | Description of risk | Details of how the risk has been managed/treated
Unauthorized access (internal) | Prevent unauthorized access (internal) | Installation of security/monitoring/logging devices
Service Failure | Deviations from the specifications of existing services | Provision of backup/redundant servers
Data Backup Failed | Backup system failed | Provision of alternate backup system/method
Hardware Failure | Hardware malfunction | Backup units / Maintenance
Fire | Fire Hazard | Installation of fire protection
Intruders (External) | System Intrusion | Installation of security/monitoring/logging devices
Data Damage | Loss of data | Installation of backup system
Power Outage | Loss of power | Installation of SMS gateway alert/notification system
Virus | Computer Virus Infection | Maintain Virus Definition
Catastrophe | Bomb, Earthquake | DRP/DRC program

Attach a copy of your risk register if it is available or if you have completed one.

Section 9: BUSINESS CONTINUITY PLANNING

One of the main purposes of completing a BIA is to identify areas where your overall business continuity strategy (not just the plan) needs attention. This
section captures your current position in relation to business continuity planning and might highlight steps you could take to increase your resilience.

9.1 What is the current position with business continuity planning in the organisation? (e.g. plan up to date, needs revision etc)

9.2 Describe the current position with Business Continuity Plan testing/exercising in the organisation? (E.g. date plan test carried
out, recommendations implemented etc)

9.3 List any additional/specific Business Continuity Planning support required by the organisation/ service? (E.g. specialist support,
training etc)
