A Comprehensive Case Study Implementation Recommendations 11 New information security controls ISO 27001:2022 at XYZ HealthTech Company

A Comprehensive Case Study on Enhancing Compliance and Cybersecurity at HealthTech Company

Authors

  • Bimantoro Suryo Wibowo University of Indonesia
  • Rizal Fathoni Aji Universitas Indonesia

DOI:

https://doi.org/10.33022/ijcs.v13i4.4166

Keywords:

information security, iso 27001, compliance, gap analysis, annex controls

Abstract

This study aims to recommend the implementation of new annex controls in ISO 27001:2022, guided by ISO 27002:2022, for PT XYZ. The research questions addressed are: (1) What are the existing gaps between PT XYZ's current information security controls and the requirements of ISO 27001:2022? (2) What specific recommendations can close these gaps? Using a qualitative case study approach, data were collected in May 2024 through purposive sampling, interviews, observations, and document analysis. Findings reveal that while some controls are partially implemented, others lack full documentation and SOPs. Detailed recommendations were provided to ensure compliance with updated standards, emphasizing formalization into SOPs. This study offers practical guidance for organizations transitioning to ISO 27001:2022, enhancing cybersecurity readiness and compliance with stringent data protection regulations.

Downloads

Published

25-07-2024