12-CRS-0106 REVISED 8 FEB 2013 DSS (Deliver, Support, and Service) CDG4I3 / Audit Sistem Informasi Angelina Prima K | Gede Ary W. KK SIDE

12-CRS-0106 REVISED 8 FEB 2013 COBIT 5 Governance and Management Key Areas

12-CRS-0106 REVISED 8 FEB 2013 DSS (Deliver, Service and Support) 01 Manage operations 02 Manage service requests and incidents 03 Manage problems 04 Manage continuity 05 Manage security services 06 Manage business process controls

12-CRS-0106 REVISED 8 FEB Manage operations Process Description Co-ordinate and execute the activities and operational procedures required to deliver internal and outsourced IT services, including the execution of pre-defined standard operating procedures and the required monitoring activities. Process Purpose Statement Deliver IT operational service outcomes as planned. DSS01

12-CRS-0106 REVISED 8 FEB 2013

02 Manage Service Requests and Incidents Process Description Provide timely and effective response to user requests and resolution of all types of incidents. Restore normal service; record and fulfil user requests; and record, investigate, diagnose, escalate and resolve incidents. Process Purpose Statement Achieve increased productivity and minimise disruptions through quick resolution of user queries and incidents. DSS02

12-CRS-0106 REVISED 8 FEB 2013

03 Manage Problems Process Description Identify and classify problems and their root causes and provide timely resolution to prevent recurring incidents. Provide recommendations for improvements. Process Purpose Statement Increase availability, improve service levels, reduce costs, and improve customer convenience and satisfaction by reducing the number of operational problems. DSS03

12-CRS-0106 REVISED 8 FEB 2013

04 Manage Continuity Process Description Establish and maintain a plan to enable the business and IT to respond to incidents and disruptions in order to continue operation of critical business processes and required IT services and maintain availability of information at a level acceptable to the enterprise. Process Purpose Statement Continue critical business operations and maintain availability of information at a level acceptable to the enterprise in the event of a significant disruption. DSS04

12-CRS-0106 REVISED 8 FEB 2013

05 Manage Security Services Process Description Protect enterprise information to maintain the level of information security risk acceptable to the enterprise in accordance with the security policy. Establish and maintain information security roles and access privileges and perform security monitoring. Process Purpose Statement Minimise the business impact of operational information security vulnerabilities and incidents. DSS05

12-CRS-0106 REVISED 8 FEB 2013

06 Manage Business Process Controls Process Description Define and maintain appropriate business process controls to ensure that information related to and processed by in- house or outsourced business processes satisfies all relevant information control requirements. Identify the relevant information control requirements and manage and operate adequate controls to ensure that information and information processing satisfy these requirements. Process Purpose Statement Maintain information integrity and the security of information assets handled within business processes in the enterprise or outsourced. DSS06

12-CRS-0106 REVISED 8 FEB 2013

CONTOH IMPLEMENTASI

12-CRS-0106 REVISED 8 FEB 2013

Praktikum di Lab Informatika ITT Stakeholders: –Pimpinan Fakultas (Dekan, Wadek I, Wadek II, Kaprodi S1, Kaprodi D3) –Ka Lab&Bengkel –Staf (Laboran dan Teknisi Lab) –Aslab –Asprak –Praktikan Stakeholder needs: –Benefit realization  Wadek I, Kaprodi S1 dan Kaprodi D3 menghendaki praktikum dapat meningkatkan kemampuan teknis mahasiswa. –Risk optimization  Ka Lab&Bengkel ingin memastikan bahwa perangkat lab aman dan digunakan sesuai kebutuhan praktikum –Resource optimization  Aslab bertugas mengawasi penggunaan ruang lab sesuai jadwal

12-CRS-0106 REVISED 8 FEB 2013 Praktikum di Lab Informatika ITT Business Processes - Goals –Menyusun materi praktikum dan penyampaiannya, sesuai kurikulum dan silabus yang berlaku –Menjadwalkan dan mengelola penggunaan ruang lab –Mengawasi penggunaan ruang lab sesuai jadwal IT-related Processes - Goals –Mengelola materi praktikum –Mengelola jadwal praktikum –Mengelola penggunaan ruang lab untuk praktikum Proses terkait (DSS) –01 Manage operations –03 Manage problems –06 Manage business process controls

12-CRS-0106 REVISED 8 FEB 2013 DSS03 Manage problems pada “Praktikum di Lab Informatika ITT” Process Goals: –IT-related problems are resolved so that they do not reoccur Process Metrics: –Decrease in number of recurring incidents caused by unresolved problems –Percent of major incidents for which problems were logged –Percent of workarounds defined for open problems –Percent of problems logged as part of the proactive management activity –Number of problems for which a satisfactory resolution that addressed root cause were found Contoh pertanyaan: –Berapa kali terjadi kerusakan pada aplikasi praktikum dalam 1 semester? (wawancara) –Berapa kali terjadi kerusakan yang menyebabkan praktikum gagal dilaksanakan? (wawancara) –Berapa lama penanganan kerusakan dilakukan? (review dokumen komplain) –Berapa banyak penanganan kerusakan yang didokumentasikan? (review SOP/ IK penanganan kerusakan)

12-CRS-0106 REVISED 8 FEB 2013 Group Activity (3) Lakukan pemetaan proses-proses dalam organisasi ke enabling process dalam COBIT 5 Tentukan sasaran goals dan metriks yang terkait dengan tiap goal tersebut Buatlah daftar pertanyaan untuk mengukur pencapaian goals. Kumpulkan: Daftar kesulitan/ pertanyaan yang ditemui saat mengerjakan tugas ini.

12-CRS-0106 REVISED 8 FEB 2013 THANK YOU