In the digital era which is increasingly advanced and will continue to develop, information security has become an increasingly important issue and is always paid attention to by companies in various sectors. Threats to information security are increasingly diverse and complex, therefore, it is important for every company to be able to protect the information they hold carefully and effectively. By understanding the importance of information security and implementing the right approach, organizations can effectively protect their information, reduce risk, and maintain customer trust and a good reputation in a digital era full of security challenges.

Small companies to large companies store a lot of information they own and rarely contain information from external parties too. The information held is confidential and only certain parties can know or obtain this information. To help companies overcome this, there is the concept of an information security management system (ISMS) to help take a systematic approach to the safety of information throughout the organization, including by identifying and managing risks. Therefore, the ISO 27001 standard details the requirements for establishing, maintaining and continuing improve ISMS.

In October 2005, BS7799-2 was officially adopted as ISO 27001. Since then there have been several updates: in 2007, ISO 17799 was renamed ISO 27002. And in 2017, ISO/IEC 27001:2013 was published as the latest version of the standard, incorporating minor changes in wording and formatting. ISO 27001 is the most well-known standard for information security management systems (ISMS), this standard defines what requirements must be met by ISMS. This standard provides guidance to companies for establishing, implementing, maintaining and continually improving information security. If a company has been standardized on ISO 27001, it is hoped that it has identified risk management related to the security of data owned or handled by the company, and this system respects all best practices and principles.

The benefits of companies that strive to be standardized or have been standardized on ISO 27001 will definitely gain credibility and trust from the customer’s point of view, they will feel safe when collaborating with the company. To obtain the requirements that must be fulfilled, these include clauses 4 – 10 contained in ISO 27001:2013, and in general the benefits that the company will obtain include:

• Protect all information held relating to employees and customers, whether digital, hardcopy or in cloud form
• Anticipate cyber attacks
• Manage information system security risks appropriately and effectively
• Increase employee awareness and involvement in managing information security

The principle of ISO 27001 is to protect the confidentiality, integrity and availability of information.

Confidentiality : Seperangkat aturan yang membatasi akses menuju informasi

Integrity : guarantee that the information can be trusted and is accurate information

Availability : Concepts and information are always available when needed by parties who have access or authority