State-owned enterprises have critical information security in the telecommunications sector given the high intensity of strategic data exchange and the sensitivity of the public services they provide. ISO/IEC 27001 has become an international standard that can be widely adopted to ensure systematic, measurable, and sustainable information security management. The telecommunications sector faces many information security risks due to its high dependence on digital infrastructure, the volume of sensitive data, and the increasing intensity of cyber threats. These conditions require us to implement strong security governance through audits based on the international standard ISO/IEC 27001. This study aims to evaluate the effectiveness of information security audits using the ISO/IEC 27001 framework in the telecommunications sector. This study uses a qualitative descriptive method based on audit documents and assessments based on Annex A of ISO/IEC 27001. The results show recurring audit patterns from year to year, weaknesses in several key controls, and irregularities in the follow-up improvement process.
Copyrights © 2026