ANALYSIS OF THE IMPLEMENTATION OF ISO/IEC 27001:2013 STANDARDS IN PT. SULSELBAR BANK

Authors

  • Kristian Gala, Nitro Institute of Business and Finance
  • Rahman Suwandaru, Nitro Institute of Business and Finance
  • Muh. Ashary Anshar, Nitro Institute of Business and Finance

DOI:

https://doi.org/10.53067/ijomral.v4i4.362

Keywords:

STANDARD, ISO/IEC 27001:2013

Abstract

This study aims to examine the implementation of the ISO/IEC 27001:2013 standard in optimizing the information security system at PT. Bank Sulselbar. This international standard is the main reference in information security management, which includes structured policies, procedures, and technical controls to protect the confidentiality, integrity, and availability of data. This study uses a descriptive qualitative approach with a focus on analyzing the implementation and effectiveness of the ISO/IEC 27001:2013 standard and identifying potential weaknesses in the company's information security system. The main object of the study is how the information security management system (ISMS) based on ISO/IEC 27001:2013 has been implemented in the operational environment of Bank Sulselbar. Data were collected through interviews, observations, and documentation studies of work units relevant to information security.

The results of the study indicate that PT. Bank Sulselbar has implemented an ISO/IEC 27001:2013-based ISMS in a systematic and structured manner, which includes security policies, risk assessments, access control, and continuous monitoring and evaluation of the system. This implementation has been proven to increase the level of company information protection and strengthen resilience to cyber threats. However, this study also identified several weaknesses, including aspects of human resource awareness of the importance of information security and the need for increased periodic training. Thus, the implementation of ISO/IEC 27001:2013 has made a significant contribution to optimizing the information security system at PT. Bank Sulselbar, but continuous improvement is still needed in several aspects to achieve optimal effectiveness.

Published

2025-07-30

How to Cite

Gala, K., Suwandaru, R., & Anshar, M. A. (2025). ANALYSIS OF THE IMPLEMENTATION OF ISO/IEC 27001:2013 STANDARDS IN PT. SULSELBAR BANK. International Journal of Multidisciplinary Research and Literature, 4(4), 771–783. https://doi.org/10.53067/ijomral.v4i4.362