Utilization of ISO 27001 in Information System Security Governance Assessment at PT XYZ
Authors
| Issue | Vol. 1 No. 1 (2026) |
| Published | 11 February 2026 |
| Versions |
18 February 2026 (3)
12 February 2026 (2) 11 February 2026 (1) |
| Section | Articles |
| Categories | Info Govita |
| Pages | 62-69 |
Abstract
PT XYZ focuses on supplying, distributing and managing clean water sources for the people. The problem faced is that PT XYZ does not yet have a security management system to carry out mitigation actions other than the data backup process which is carried out every day. Having data backup alone is not enough to protect the security of a company's information system. The research method used in this research is a qualitative method where the data obtained comes from observations and interviews. This research was carried out with the results recommended at identifying improvements to significantly increase security for the Company. The choice of ISO 27001:2013 as the framework for carrying out this research evaluation is because ISO itself is a good standard for solving problems that occur at PT XYZ, this standard is very flexible to develop and really depends on the needs of the organization.
Keywords: Governance, Information System Security, ISO 27001:2013