Orbit: Jurnal Ilmu Multidisiplin Nusantara

Vol. 2 No. 4 (2026)

Evaluation of the Effectiveness of ISO/IEC 27001-Based Information Security Audits in State-Owned Telecommunications Companies (Case Study of PT Telkom Indonesia)

Paras Nurhidayati (Universitas Bhayangkara Jakarta Raya, Jakarta, Indonesia)
Achmad Fauzi (Universitas Bhayangkara Jakarta Raya, Jakarta, Indonesia)
Nayla Shafiya Paramita (Universitas Bhayangkara Jakarta Raya, Jakarta, Indonesia)
Renata Viranisa (Universitas Bhayangkara Jakarta Raya, Jakarta, Indonesia)
Syalvina Nurhaura Putri (Universitas Bhayangkara Jakarta Raya, Jakarta, Indonesia)

Published: 2026-06-18
DOI: 10.63217/orbit.v2i4.293

Abstract

Information security is critical for state-owned enterprises in the telecommunications sector, given the high intensity of strategic data exchange and the sensitivity of the public services they provide. ISO/IEC 27001 has become an international standard that can be widely adopted to ensure systematic, measurable, and sustainable information security management. The telecommunications sector faces many information security risks due to its high dependence on digital infrastructure, the volume of sensitive data, and the increasing intensity of cyber threats. These conditions require strong security governance, implemented through audits based on the international standard ISO/IEC 27001. This study aims to evaluate the effectiveness of information security audits using the ISO/IEC 27001 framework in the telecommunications sector. It uses a qualitative descriptive method based on audit documents and assessments against Annex A of ISO/IEC 27001. The results show recurring audit patterns from year to year, weaknesses in several key controls, and irregularities in the follow-up improvement process.
