Supplier Information Security Audit at Payment System Services Company PT XYZ
DOI: https://doi.org/10.33022/ijcs.v13i4.4167

Keywords: IT Audit, information security, IT Governance, ISO 27001, COBIT 5, Indeks KAMI 5.0, Supplier, Risk assessment methodology

Abstract
The relationship between companies and suppliers is one manifestation of a company's resource strategy for remaining productive and competitive. However, suppliers also introduce information security risks, such as cybersecurity threats and data protection concerns. To ensure the security of the company's information assets, PT XYZ implements an information security management system based on ISO/IEC 27001:2022 for all company information assets, whether managed by internal parties or by external parties (suppliers). This research therefore aims to measure the criticality level of suppliers using an information technology asset risk management approach. The company then evaluates the implementation of information security controls at critical suppliers through systematic monitoring processes such as audits and due diligence. The results of this study indicate that two suppliers at PT XYZ with a high level of criticality need to be audited, and three suppliers with a medium level of criticality need to undergo due diligence.
Copyright (c) 2024 Farroh Sakinah Mulyadi, Rizal Fathoni Aji
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.