ISMS GOVERNANCE IMPROVEMENT STRATEGY BASED ON ISO/IEC 27001:2022 IN THE UNIVERSITY INFORMATION TECHNOLOGY UNIT

  • Siti Kholijah
Keywords: ISMS, ISO/IEC 27001:2022, Higher Education, Information Security Governance, Gap Analysis.

Abstract

This study evaluates the implementation of an Information Security Management System (ISMS) based on ISO/IEC 27001:2022 in an information technology unit at a university. It uses a quantitative descriptive method with gap analysis, drawing on observation, documentation study, and a compliance questionnaire covering the 93 Annex A controls. The results show that ISMS implementation is at a moderate level, in the medium compliance category. Most controls have been implemented according to SOPs (40% with a score of 3), but obstacles remain: uneven control implementation (16% with a score of 0) and a lack of formal documentation (14% with a score of 1). The effectiveness of the ISMS is influenced by management support, documentation standardization, and a culture of information security awareness. The study recommends improving documentation, strengthening internal audits, and preparing for international certification through an ISMS development roadmap, in order to strengthen the university's information security resilience against cyber threats.

Published: 2026-06-11

How to Cite: Siti Kholijah. (2026). ISMS GOVERNANCE IMPROVEMENT STRATEGY BASED ON ISO/IEC 27001:2022 IN THE UNIVERSITY INFORMATION TECHNOLOGY UNIT. Journal Informatic, Education and Management (JIEM), 8(2), 416-424. https://doi.org/10.61992/jiem.v8i2.383

Section: Articles