Implementation Recommendations for 11 New Information Security Controls of ISO 27001:2022 at XYZ HealthTech Company: A Comprehensive Case Study on Enhancing Compliance and Cybersecurity at a HealthTech Company
DOI: https://doi.org/10.33022/ijcs.v13i4.4166
Keywords: information security, ISO 27001, compliance, gap analysis, annex controls
Abstract
This study recommends how PT XYZ should implement the new Annex A controls introduced in ISO 27001:2022, using ISO 27002:2022 as implementation guidance. It addresses two research questions: (1) What gaps exist between PT XYZ's current information security controls and the requirements of ISO 27001:2022? (2) What specific recommendations can close these gaps? Using a qualitative case study approach, data were collected in May 2024 through purposive sampling, interviews, observations, and document analysis. The findings show that some controls are partially implemented, while others lack full documentation and standard operating procedures (SOPs). Detailed recommendations are provided to achieve compliance with the updated standard, with emphasis on formalizing each control into an SOP. The study offers practical guidance for organizations transitioning to ISO 27001:2022, improving cybersecurity readiness and compliance with stringent data protection regulations.
License
Copyright (c) 2024 Bimantoro
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.