Jong Jek Siang
Program Studi Sistem Informasi Universitas Kristen Duta Wacana Yogyakarta, Indonesia

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

Internal Compliance Audit of the Information Security Management System in a Cybersecurity Company based on ISO/IEC 27001 Sterevania Rambu Muna; Halim Budi Santoso; Jong Jek Siang
Sistemasi: Jurnal Sistem Informasi Vol 15, No 6 (2026): Sistemasi: Jurnal Sistem Informasi
Publisher : Universitas Islam Indragiri

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.32520/stmsi.v15i6.6471

Abstract

Information Security Management Systems (ISMSs) require periodic evaluation to assess their level of compliance with established standards and frameworks. This study evaluates the implementation of an Information Security Management System in an Indonesian cybersecurity services company, with a particular focus on the Compliance Division and the Security Operations Center (SOC). The case study was selected because the organization's ISMS had not been implemented consistently, particularly regarding the regular updating of security policies and operational procedures. As a cybersecurity service provider, the company is expected to conduct periodic compliance assessments to ensure alignment with recognized information security management standards, such as ISO/IEC 27001:2022. The study employed a Gap Analysis approach that combined qualitative and quantitative data. Data were collected through direct observation and a review of internal documentation after obtaining the company's authorization. The results indicate an overall compliance level of 77.5%. Three control areas achieved full compliance: the timely execution of internal audits, incident documentation, and log management. Based on the identified gaps, a set of improvement recommendations was developed to assist the organization in achieving greater compliance with the requirements of ISO/IEC 27001:2022. This study provides practical contributions by demonstrating the application of the ISO/IEC 27001:2022 framework for conducting internal compliance audits of Information Security Management Systems and offering actionable recommendations for strengthening organizational information security governance.