IMPLEMENTATION OF AN INFORMATION SECURITY MANAGEMENT SYSTEM BASED ON ISO 27001:2013 AT PT. X

Authors

  • Program Profesi Akuntansi Universitas Widyatama
  • Program Profesi Akuntansi Universitas Widyatama
  • Program Profesi Akuntansi Universitas Widyatama

Keywords:

ISO 27001:2013, Information Security Management System, Security Information Risk, Maturity

Abstract

This research aims to analyze and evaluate the extent to which an Information Security Management System (ISMS) has been implemented at Company X. The methods employed include interviews, questionnaire administration, document review, observation, and an assessment of the maturity level based on the Information Security and Maturity Index (ISMI), with a rating scale ranging from 0 to 5. The interview results provided an assessment of the forms of information security threats and the controls that have been implemented. The questionnaire results indicated that compliance with standards reached 96% out of 34 presented questions. Furthermore, the document review revealed that three requirements in the annex standard were not applied, including secure areas, security in development and support processes, and test data. The gap analysis found a compliance rate of 95% out of 151 analysis points. Additionally, the observation results identified 6 minor non-compliance points and 1 point in the OFI (Opportunity For Improvement) category, obtained during the internal audit activities. The entire research process served as a reference for determining the maturity level based on the ISMI, which resulted in an assessment of 94%, corresponding to level 5 (optimized). The findings of this research suggest that Company X needs to focus on enhancing data security through comprehensive data security awareness activities encompassing internal and third-party stakeholders, controls in project activities, collaboration with third parties, and fostering an information security risk culture throughout the organization.

Published

2024-12-09