Sistemasi: Jurnal Sistem Informasi
Vol 15, No 6 (2026): Sistemasi: Jurnal Sistem Informasi

Internal Compliance Audit of the Information Security Management System in a Cybersecurity Company based on ISO/IEC 27001

Sterevania Rambu Muna (Program Studi Sistem Informasi Universitas Kristen Duta Wacana Yogyakarta, Indonesia)
Halim Budi Santoso (Program Studi Sistem Informasi Fakultas Teknologi Informasi Universitas Kristen Duta Wacana Yogyakarta)
Jong Jek Siang (Program Studi Sistem Informasi Universitas Kristen Duta Wacana Yogyakarta, Indonesia)



Article Info

Publish Date
30 Jun 2026

Abstract

Information Security Management Systems (ISMSs) require periodic evaluation to assess their level of compliance with established standards and frameworks. This study evaluates the implementation of an Information Security Management System in an Indonesian cybersecurity services company, with a particular focus on the Compliance Division and the Security Operations Center (SOC). The case study was selected because the organization's ISMS had not been implemented consistently, particularly regarding the regular updating of security policies and operational procedures. As a cybersecurity service provider, the company is expected to conduct periodic compliance assessments to ensure alignment with recognized information security management standards, such as ISO/IEC 27001:2022. The study employed a Gap Analysis approach that combined qualitative and quantitative data. Data were collected through direct observation and a review of internal documentation after obtaining the company's authorization. The results indicate an overall compliance level of 77.5%. Three control areas achieved full compliance: the timely execution of internal audits, incident documentation, and log management. Based on the identified gaps, a set of improvement recommendations was developed to assist the organization in achieving greater compliance with the requirements of ISO/IEC 27001:2022. This study provides practical contributions by demonstrating the application of the ISO/IEC 27001:2022 framework for conducting internal compliance audits of Information Security Management Systems and offering actionable recommendations for strengthening organizational information security governance.

Copyrights © 2026






Journal Info

Abbrev

stmsi

Publisher

Subject

Computer Science & IT Electrical & Electronics Engineering

Description

Sistemasi adalah nama terbitan jurnal ilmiah dalam bidang ilmu sains komputer program studi Sistem Informasi Universitas Islam Indragiri, Tembilahan Riau. Jurnal Sistemasi Terbit 3x setahun yaitu bulan Januari, Mei dan September,Focus dan Scope Umum dari Sistemasi yaitu Bidang Sistem Informasi, ...