Supplier Information Security Audit at Payment System Services Company PT XYZ

Authors

  • Farroh Sakinah Mulyadi, Universitas Indonesia
  • Rizal Fathoni Aji, Universitas Indonesia

DOI:

https://doi.org/10.33022/ijcs.v13i4.4167

Keywords:

IT Audit, information security, IT Governance, ISO 27001, COBIT 5, Indeks KAMI 5.0, Supplier, Risk assessment methodology

Abstract

The relationship between a company and its suppliers is one manifestation of the company's resourcing strategy for remaining productive and competitive. However, suppliers also introduce information security risks, such as cybersecurity threats and data protection obligations. To secure its information assets, PT XYZ operates an information security management system based on ISO/IEC 27001:2022 covering all company information assets, whether managed internally or by external parties (suppliers). This research therefore aims to measure each supplier's criticality level using an information technology asset risk management approach. The company then evaluates the implementation of information security controls at critical suppliers through systematic monitoring processes such as audits and due diligence. The results indicate that two suppliers of PT XYZ with a high criticality level need to be audited, and three suppliers with a medium criticality level need to undergo due diligence.


Published

25-07-2024