Abstract

Information security is crucial for organizations managing sensitive data in the digital era. This is especially true for institutions like the Social Security Administrative Body for Health (BPJS Kesehatan), which organizes social health security for the Indonesian people and handles various important information, including participant, medical, and financial data. However, as threats to information security increase, organizations need to implement an effective information security management system. This research examines the implementation of the Information Security Management System (ISMS) based on the ISO 27001:2022 standard at the Tondano BPJS Kesehatan Branch Office. The methodology of the research is descriptive qualitative. The research results indicate that implementing the ISMS has improved overall data security. This is achieved through regular data backups and storing servers in locked rooms. In addition, implementing the ISO 27001:2022 standard reduces information security risks by providing clear guidance on data security management, including antivirus updates, access restrictions, and password management. The main challenges in implementing the ISMS are limited IT infrastructure resources and employee resistance to changes in IT security procedures. Despite these challenges, implementing the ISO 27001:2022 standard at the Tondano BPJS Kesehatan Branch Office has improved information security and strengthened the trust of customers and business partners.

Keywords

Information Technology; Information Security Management System; ISO 27001:2022; Social Health Security

Article Details

How to Cite
Iroth, R. M. (2025). Information Security Management System (ISMS) at BPJS Kesehatan Tondano: Implementation of ISO 27001:2022 Standard. Jurnal Jaminan Kesehatan Nasional, 5(1), 62–74. https://doi.org/10.53756/jjkn.v5i1.247
