Evaluation of ISO 27001 implementation towards information security of cloud service customer in PT. IndoDev Niaga Internet

Abstract

Listen

Translate article

Every organization must ensure that information assets are protected and information security system has been implemented well. PT. IndoDev Niaga Internet is a provider of business solutions applications and implementation services that include application Human Resource Information System (HRIS) and Enterprise Resource Planning (ERP). In order to ensure the security of the information, then in 2015 PT. IndoDev Niaga Internet implement ISO 27001: 2013. Through the implementation of ISO 27001: 2013, it is expected that information can be properly maintained, which in turn will affect the business continuity. Companies need to know the extent to which the process has been applied and what actions can be done to improve the performance of the application of ISO 27001: 2013. Factor analysis was conducted first to determine the factors that affect to the information security. After the factors that affect to the information security known, then observation and interview conducted to gather data about PT. IndoDev Niaga Internet ISO 27001:2013 implementation according to the factors that affect. And then recommendation and corrective action developed using gap analysis method. The most influential factor to the security of customer information PT. IndoDev Niaga Internet is a factor access control and security operations. For the audit results IS027001: 2013 from the aspect of access control, they found 11 check items that fit into the category of NC (Non-Conformance) of 33 check items in which 9 of them in the category of major and two remaining categories minor, while for operations security aspects of the 12 check items, found 5 that goes into the category of NC (Non-Conformance) and everything was included into the category of minor.