Pada era digital saat ini, perbankan dituntut untuk dapat merespon kebutuhan nasabah yang semakin meningkat dengan menyediakan layanan perbankan yang mudah, cepat, nyaman dan aman. Ketersediaan dan keandalan infrastruktur maupun sistem merupakan tuntutan agar Bank dapat memberikan produk dan layanan yang berkualitas guna mendukung peningkatan bisnis, menyediakan sistem operasional yang efektif dan efisien dengan tetap mengedepankan keamanan data dan informasi melalui pelaksanaan manajemen risiko yang baik.

Pengembangan TI Bank dilakukan selaras dengan rencana strategis Bank. Untuk itu, Bank telah memiliki Rencana Strategis TI yang telah disusun untuk periode 3 tahun dengan mengacu kepada Rencana Korporasi dan Rencana Bisnis. Program kerja yang disusun oleh TI senantiasa memperhatikan standar maupun regulasi TI dan industri perbankan yang berlaku, trend teknologi dan current IT environment

maupun kapabilitas sumber daya TI Bank. Penjabaran pelaksanaan Rencana Strategis TI setiap tahunnya disampaikan dalam Rencana Bisnis Bank setelah mendapatkan persetujuan Komite Pengarah TI yang akan menetapkan Rencana Strategis TI berdasarkan skala prioritas. Sesuai dengan Rencana Strategis TI, pengembangan TI Bank mencakup empat area utama yaitu pengembangan infrastruktur, aplikasi, sumber daya manusia dan tata kelola TI.

In today’s digital era, banks are required to be able to respond to the increased needs of customers by providing easy, fast, convenient and secure banking services. The availability and reliability of the infrastructure and systems are requirement for the Bank to provide qualified products and services to support the business increment, providing effective and efficient operational system while still prioritizing the security of data and information through the implementation of good risk management.

Bank‘s IT development is conducted in line with the Bank’s strategic plan. For that, the Bank has an IT Strategic Plan which has been prepared for 3 years period with reference to Corporate Plan and Business Plan. The work plan which is prepared by IT constantly observes IT and banking industry standard, applicable regulations, technology trends and current IT environment as well as Bank’s IT resource capabilities. The elaboration of IT Strategic Plan implementation is annually presented in the Bank’s Business Plan after the approval of IT Steering Committee who will establish the IT Strategic Plan based on priority scale. In accordance with IT Strategic Plan, the development of Bank’s IT covers four main areas, namely infrastructure and applications development, human resources and IT governance.

PROFIL PERUSAHAAN COMPANY PROFILE LAPORAN DEWAN KOMISARIS REPORT OF

THE BOARD OF COMMISSIONERS

LAPORAN DIREKSI

REPORT OF

THE BOARD OF DIRECTORS

ANALISIS &

PEMBAHASAN MANAJEMEN

MANAGEMENT DISCUSSION & ANALYSIS

131

LAPORAN TATA KELOLA PERUSAHAAN

CORPORATE GOVERNANCE REPORT

Infrastruktur teknologi informasi yang andal memegang peranan penting dalam menyediakan layanan perbankan yang berkualitas maupun mendukung perkembangan transaksi nasabah. Oleh karena itu Bank secara berkesinambungan melakukan peremajaan perangkat keras yang telah mencapai akhir masa manfaatnya, meningkatkan kapasitas perangkat keras yang mendukung proses sistem TI serta meningkatkan kapasitas jaringan komunikasi untuk mengakomodir peningkatan volume transaksi nasabah maupun menunjang performa kolaborasi email system dan aplikasi-aplikasi berbasis web yang terus dikembangkan oleh Bank.

Dari segi produk dan layanan, pengembangan aplikasi yang dilaksanakan selama tahun 2015 adalah:

• Melakukan penambahan fitur pada internet dan mobile banking

khususnya fitur pembayaran dan pembelian yang meliputi Fin-Pay yaitu sistem transaksi pembayaran secara elektronik (e-payment) bagi nasabah yang melakukan transaksi secara

online (e-commerce), pembayaran tagihan air serta televisi berlangganan.

• Pengembangan aplikasi Payment Point Online Bank (PPOB) yaitu layanan pembayaran rekening listrik secara online melalui kerjasama dengan switching provider dan mitra-mitra yang mengelola loket-loket penerimaan pembayaran tagihan listrik. • Pengembangan Fitur Bisnis pada internet banking yang

diperuntukkan bagi nasabah bisnis dari segmen perorangan dan perusahaan yang akan diluncurkan pada tahun 2016. Fitur Bisnis menawarkan limit transaksi yang lebih fleksibel, transaksi multi debet / kredit, program payroll, serta fitur-fitur

cash management lainnya dengan keamanan yang terjaga karena adanya user berjenjang.

Di samping mendukung pengembangan produk dan layanan, program kerja TI juga meliputi pengembangan infrastruktur maupun aplikasi dalam rangka meningkatkan optimalisasi proses kerja yang pada akhirnya bertujuan untuk meningkatkan efisiensi dan produktivitas. Sejumlah program kerja yang dilaksanakan antara lain dengan mengembangkan aplikasi berbasis web untuk program Human Resources Information System yang bertujuan agar karyawan dapat mengetahui kebijakan ketenagakerjaan maupun program pengembangan karir bagi masing-masing individu. Setelah menyelesaikan pengembangan fitur Employee Information System

pada tahun 2014, maka pada tahun 2015 Bank mengembangkan fitur Paperless Leave & Overtime dan Remuneration Information System. Fitur Remuneration Information System terdiri dari data absensi, remunerasi dan fasilitas yang diterima oleh karyawan adapun fitur Paperless & Overtime berisikan data dan perhitungan mengenai cuti dan lembur karyawan.

Selama tahun 2015, pengembangan di bidang TI juga dilakukan dalam rangka memenuhi ketentuan regulator meliputi pengembangan MPN (Pajak) Generasi II, SKN Next Generation, RTGS/SSSS Gen II dan pengembangan aplikasi untuk pelaporan kepada PPATK yaitu

Gathering Reports and Processing Information System (GRIPS). Di samping melakukan berbagai pengembangan, Bank menerapkan berbagai langkah untuk pengendalian keamanan data dan transaksi. Pengendalian keamanan informasi pada aplikasi dilakukan dengan melakukan pembatasan akses pengguna aplikasi, penggunaan

firewall berlapis, program anti virus, serta perangkat enkripsi

Reliable information technology infrastructures play an important role in providing qualified banking services as well as support customer transactions development. Therefore, the Bank continuously rejuvenating hardware which has reached the end of its benefit period, increasing hardware capacity which supports IT systems and increasing link communication capacity to accommodate the increased volume of customer transactions as well as support the collaboration performance of e-mail systems and web based applications which continually developed by the Bank.

In terms of products and services, the developments of applications which implemented during 2015 are:

• Perform additional features on the internet and mobile banking notably payments and purchases that include Fin-Pay that is electronic payment (e-payment) transaction system for customers who conduct online transactions (e-commerce), water bill payment and subscription television.

• Development of Payment Point Online Bank (PPOB) application which is online electricity bill payment service through co- operation with switching providers and partners who manage the counters of electricity bill payment.

• Development of Business features in internet banking which are intended for business customers both individuals and companies segment that will be launched in 2016. Business Features offers a more flexible transaction limits, multi debit/ credit transaction, payroll program, as well as other cash management features with controlled security because the availability of tiered user.

In addition to support the development of products and services, IT work plan also includes infrastructure as well as applications development in order to improve the optimization of working processes that ultimately aims to increase efficiency and productivity. Some work plans carried out partly by developing web-based applications for Human Resources Information System program which aimed to enable employees to be aware of employment policies and career development programs for each individual. After completing the development of Employee Information System feature in 2014, in 2015 the Bank developed Paperless Leave & Overtime and Remuneration Information System. Remuneration Information System features consists of attendance data, remuneration and facilities received by the employee as for Paperless & Overtime features contains data and calculation of employees’ leave and overtime.

During 2015, the development in the IT field is also conducted to comply with regulatory authority include the development of MPN (Tax) Generation II, SKN Next Generation, RTGS / SSSS Gen II and the development of applications for reporting to INTRAC namely Gathering Reports and Processing Information System (GRIPS). In addition to undertaking various developments, the Bank implemented various measures to control the security of data and transactions. Control of application’s security information is done by limiting user access to applications, the use of layered firewall, antivirus programs, as well as encryption devices for important MANAJEMEN RISIKO RISK MANAGEMENT TEKNOLOGI INFORMASI INFORMATION TECHNOLOGY DATA PERUSAHAAN CORPORATE DATA LAPORAN KEUANGAN AUDIT

AUDITED FINANCIAL REPORT

SUMBER DAYA MANUSIA

HUMAN RESOURCE

terhadap informasi-informasi penting. Pengamanan terhadap layanan

internet dan mobile banking dilakukan dengan menerapkan standar enkripsi menggunakan https, pengamanan pada saat login dengan menggunakan user-id dan password serta penggunaan hard token. Bank secara berkala melakukan penetration test yang dilakukan oleh pihak ketiga untuk menguji dan memastikan keamanan sistem internet

dan mobile banking. Bentuk pengamanan lain adalah pengiriman notifikasi kepada nasabah atas setiap transaksi keuangan yang dilakukan melalui media surat elektronik (email), serta sosialisasi kepada nasabah melalui berbagai media untuk menjaga keamanan

password, phising email dan informasi lainnya untuk meningkatkan kewaspadaan terhadap kemungkinan adanya cyber-crime. Guna memastikan kontinuitas layanan dan operasional Bank pada saat terjadi kejadian luar biasa, Bank telah menyusun Business Continuity Plan (BCP) dan menyediakan pusat pemulihan bencana (Disaster Recovery Center/DRC) yang mampu menjalankan semua bisnis perbankan pada saat sistem TI di pusat data utama tidak berfungsi. Uji coba terhadap DRC telah dilakukan secara berkala oleh Bank.

informations. Security of Internet and mobile banking services are performed by applying standard encryptions using the https, security at login by using user-id and password as well as the use of hard tokens. The Bank regularly performs penetration tests conducted by third party to test and verify the security of the internet and mobile banking system. Another effort to increase security is notification to customer on each financial transaction conducted that sent to the customer via electronic mail (e-mail), as well as dissemination to customers through various media to maintain the security of passwords, phising e-mail and other informations to increase awareness of the possibility of cyber-crime.

In order to ensure continuity of service and operations of the Bank in the event of extraordinary events, the Bank has prepared a Business Continuity Plan (BCP) and provides Disaster Recovery Center / DRC which is capable of running all banking business at the time of the IT system in the main data center is not functioned. Trial of the DRC has been conducted periodically by the Bank.

PROFIL PERUSAHAAN COMPANY PROFILE LAPORAN DEWAN KOMISARIS REPORT OF

THE BOARD OF COMMISSIONERS

LAPORAN DIREKSI

REPORT OF

THE BOARD OF DIRECTORS

ANALISIS &

PEMBAHASAN MANAJEMEN

MANAGEMENT DISCUSSION & ANALYSIS

133

LAPORAN TATA KELOLA PERUSAHAAN

CORPORATE GOVERNANCE REPORT

Infrastruktur dan sistem teknologi informasi yang handal tidak akan berjalan secara optimal tanpa adanya sumber daya manusia (SDM) yang kompeten sehingga pengetahuan dan ketrampilan staf SKTI secara berkala diperbarui melalui berbagai pelatihan internal dan eksternal baik yang bersifat hard skill maupun soft skill. Demikian pula apabila terdapat rencana implementasi teknologi baru maka SKTI bekerjasama dengan Divisi Sistem dan Prosedur melakukan pelatihan kepada calon pengguna mengenai fitur atau aplikasi baru yang akan diimplementasikan termasuk sosialisasi prosedur kerja. Ke depan, Bank akan terus mengembangkan aplikasi untuk mendukung pengembangan bisnis meliputi penambahan fitur-fitur pada layanan electronic banking, pengembangan infrastruktur sejalan dengan pengembangan jaringan kantor maupun delivery channel

yang lain, serta upgrade terhadap Disaster Recovery Center. Dari sisi pemenuhan ketentuan regulator pengembangan yang akan dilakukan antara lain terkait persiapan sistem terkait migrasi kartu debit sesuai National Standard for Indonesia Chip Card Spesification (NSICCS).

Reliable infrastructure and information technology system will not run optimally without competent human resources (HR) hence periodically IT staffs’ knowledge and skills are updated through a various internal and external training both hard skills and soft skills. Similarly, if there is a new technology implementation plan then IT in cooperation with the Systems and Procedures Division conducting training to relevant users about the features or new applications that will be implemented including the socialization of work procedures.

In the future, the Bank will continue to develop applications to support business expansions which includes the addition of features in electronic banking services, the development of infrastructure in line with the development of office network and other delivery channels, as well as upgrades the Disaster Recovery Center. From the fulfillment of regulatory authority, the development which will be done is related to the system preparation of debit card migration in accordance to the Indonesian National Standard for Chip Card Specification (NSICCS). MANAJEMEN RISIKO RISK MANAGEMENT TEKNOLOGI INFORMASI INFORMATION TECHNOLOGY DATA PERUSAHAAN CORPORATE DATA LAPORAN KEUANGAN AUDIT

AUDITED FINANCIAL REPORT

SUMBER DAYA MANUSIA

HUMAN RESOURCE

SUMBER DAYA MANUSIA