Evaluation of the ISO 27001:2022 Statement of Applicability through a Surveillance Audit of an Internal Data Center

Authors

  • Christiaan Widharto, Professional Engineer Program, Faculty of Bioscience, Technology, and Innovation, Universitas Katolik Indonesia Atma Jaya
  • Maria Angela Kartawidjaja, Professional Engineer Program, Faculty of Bioscience, Technology, and Innovation, Universitas Katolik Indonesia Atma Jaya

DOI:

https://doi.org/10.25170/jpk.v3i02.7631

Keywords:

ISO/IEC 27001:2022, Surveillance Audit, Statement of Applicability, Information Security Management System, Data Center Security

Abstract

This study evaluates the effectiveness of the Statement of Applicability (SoA) through an ISO/IEC 27001:2022 surveillance audit of the internal data center infrastructure of PT ABC. The audit was conducted by an independent certification body to verify continued conformity, assess the effectiveness of the Information Security Management System (ISMS), review the results of the previous audit, and identify opportunities for improvement. The audit program was developed in accordance with ISO 19011:2018 and ISO/IEC 17021-1:2015 using a systematic, risk-based approach. The evaluation focused on the alignment between the implemented controls and the documented SoA, organised by the Annex A control themes (organizational, people, physical, and technological). No nonconformities or discrepancies were identified, although three Opportunities for Improvement (OFIs) were recorded. The results confirm that the ISMS is conformant and effective, supporting continuation of the ISO/IEC 27001:2022 certification.
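The core of the SoA evaluation described above is a cross-check: every Annex A control must appear in the SoA, every applicable control must be implemented and backed by evidence, and every excluded control must carry a justification. The script below is an added example of that reconciliation and is not code from the paper or from the audited organisation. The Annex A numbering (93 controls in themes 5 to 8) is the standard's own; the SoA rows, control descriptions, and evidence identifiers are constructed for illustration.

```python
"""Reconcile an ISO/IEC 27001:2022 Statement of Applicability (SoA) against
an evidence register, the cross-check a surveillance auditor performs when
comparing documented SoA entries with the controls actually in place.

Added example; the SoA rows and evidence IDs below are constructed and do
not come from the audited ISMS.
"""
from dataclasses import dataclass

# ISO/IEC 27001:2022 Annex A: 93 controls in four themes, numbered 5.x to 8.x.
ANNEX_A_THEMES = {
    5: ("Organizational", 37),
    6: ("People", 8),
    7: ("Physical", 14),
    8: ("Technological", 34),
}


def annex_a_control_ids() -> set[str]:
    """All valid Annex A control identifiers, '5.1' through '8.34'."""
    return {
        f"{theme}.{n}"
        for theme, (_, count) in ANNEX_A_THEMES.items()
        for n in range(1, count + 1)
    }


@dataclass(frozen=True)
class SoAEntry:
    control_id: str
    applicable: bool
    implemented: bool
    justification: str  # rationale for inclusion or exclusion


def _control_sort_key(control_id: str) -> tuple[int, ...]:
    return tuple(int(part) for part in control_id.split("."))


def reconcile(soa: list[SoAEntry], evidence: dict[str, list[str]]) -> dict[str, list[str]]:
    """Compare SoA entries with the evidence register.

    evidence maps a control ID to the artefacts (policy IDs, tickets, config
    exports) that demonstrate implementation. Finding lists keep SoA order;
    'missing_control' is in Annex A order.
    """
    valid = annex_a_control_ids()
    seen: set[str] = set()
    findings: dict[str, list[str]] = {
        "unknown_control": [],                 # ID not in Annex A (typo or 2013 numbering)
        "duplicate": [],                       # same control listed twice
        "not_implemented_applicable": [],      # applicable but not yet implemented
        "applicable_without_evidence": [],     # applicable, nothing to show the auditor
        "excluded_without_justification": [],  # exclusion with no rationale
        "evidence_for_excluded": [],           # excluded, yet evidence exists: revisit
        "missing_control": [],                 # Annex A control absent from the SoA
    }
    for entry in soa:
        cid = entry.control_id
        if cid in seen:
            findings["duplicate"].append(cid)
            continue
        seen.add(cid)
        if cid not in valid:
            findings["unknown_control"].append(cid)
            continue
        if entry.applicable:
            if not entry.implemented:
                findings["not_implemented_applicable"].append(cid)
            if not evidence.get(cid):
                findings["applicable_without_evidence"].append(cid)
        else:
            if not entry.justification.strip():
                findings["excluded_without_justification"].append(cid)
            if evidence.get(cid):
                findings["evidence_for_excluded"].append(cid)
    findings["missing_control"] = sorted(valid - seen, key=_control_sort_key)
    return findings


def summarize(findings: dict[str, list[str]]) -> dict[str, int]:
    """Count of findings per category, omitting empty categories."""
    return {category: len(ids) for category, ids in findings.items() if ids}


# Constructed SoA excerpt (not the audited organisation's SoA).
SAMPLE_SOA = [
    SoAEntry("5.1", True, True, "Information security policies required by ISMS scope"),
    SoAEntry("7.4", True, True, "Physical security monitoring of data center halls"),
    SoAEntry("8.12", True, False, "Data leakage prevention; rollout planned"),
    SoAEntry("6.7", False, False, ""),  # exclusion with no rationale
    SoAEntry("8.30", False, False, "No software development is outsourced"),
    SoAEntry("5.99", True, True, "Non-existent control ID"),
    SoAEntry("8.1", True, True, "User endpoint devices in scope"),
    SoAEntry("8.1", True, True, "User endpoint devices in scope"),  # duplicate row
]

# Constructed evidence register: control ID -> artefacts shown to the auditor.
SAMPLE_EVIDENCE = {
    "5.1": ["ISMS-POL-001", "POL-APPROVAL-2025-01"],
    "8.1": ["MDM-BASELINE-v4", "TICKET-1182"],
    "8.30": ["CONTRACT-DEV-007"],  # contradicts the exclusion of 8.30
}

if __name__ == "__main__":
    result = reconcile(SAMPLE_SOA, SAMPLE_EVIDENCE)
    for category, ids in result.items():
        if category == "missing_control":
            print(f"{category}: {len(ids)} controls absent from the SoA")
        elif ids:
            print(f"{category}: {', '.join(ids)}")
```

Run against a real SoA export, the "missing_control" list should be empty (every Annex A control must be listed, whether applicable or not), and "evidence_for_excluded" is worth reading closely: evidence for a control the SoA excludes usually means the exclusion justification no longer matches how the organisation operates.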

References

International Organization for Standardization. (2015). ISO/IEC 17021-1:2015 – Conformity assessment: Requirements for bodies providing audit and certification of management systems.

International Organization for Standardization. (2018). ISO 19011:2018 – Guidelines for auditing management systems.

International Organization for Standardization. (2022). ISO/IEC 27001:2022 – Information security, cybersecurity and privacy protection: Information security management systems.

International Organization for Standardization. (2022). ISO/IEC 27002:2022 – Information security, cybersecurity and privacy protection: Information security controls.

Otoritas Jasa Keuangan Republik Indonesia. (2024). Peraturan Otoritas Jasa Keuangan Nomor 36 Tahun 2024 tentang Perubahan atas Peraturan Otoritas Jasa Keuangan Nomor 69/POJK.05/2016 tentang Penyelenggaraan Usaha Perusahaan Asuransi, Perusahaan Asuransi Syariah, Perusahaan Reasuransi, dan Perusahaan Reasuransi Syariah [Financial Services Authority Regulation Number 36 of 2024 on Amendments to Regulation Number 69/POJK.05/2016 on the Conduct of Business of Insurance Companies, Sharia Insurance Companies, Reinsurance Companies, and Sharia Reinsurance Companies]. Jakarta: OJK.

United Registrar of Systems. (2024). BM-10: Auditor Field Manual. London: URS.

Published

2026-01-23