ISO 27001

ISO 27001 is a standard document for Information Security Management System commonly called ISMS, which provides a general description of what a company should do in their efforts to evaluate, implement, and maintain information security in the company based on “best practice” in information security.

Information security is a process of protecting information to ensure the following:

• Confidentiality: Ensuring that information can only be accessed by authorized parties.
• Integrity: Ensuring that information remains accurate and complete, and that information is not modified without express authorization.
• Availability: Ensuring that information can be accessed by authorized parties when needed.

Function

Information Security Management System/ISO 27001 ensures that every organization keeps information assets safe and secure, by building an information security infrastructure against the risk of loss, damage or other threats. It helps organizations to carry out continuous improvement in the management of information security and increase the effectiveness and reliability of information security.

ISO 27001 also as work reference, so that employees can work without errors or with minimal errors. As proof of system implementation and required to trace when problems occur.

A growing institution/organization will be required to improve the security of information assets. If the company already has an ISO 27001 certificate, it will be more helpful for employees to manage information risk in a clear and planned manner.

Reference:

• Angel R. Otero. (2019). Information Technology Control. 5th. CRC Press. Boca Raton.
• https://wqa.co.id/27001-
  2/#:~:text=ISO%2027001%20atau%20ISMS%20(%20Information,%2C%20prosedur
  %2C%20struktur%20organisasi%2C%20serta