Audit Keamanan Sistem Informasi Puskesmas Dengan Standar ISO/IEC 27001:2013 Dan Framework COBIT 5

Abstract

One of the problems of a company is the security of information systems. High security is needed to maintain the confidentiality and misuse of information within the organization. To improve the security of business operations and the quality of information technology resources, it is necessary to evaluate the security of existing information technology assets. Just like one of the systems at PT Infokes Indonesia, namely the Health Center Information System, this is a multi-functional application based on a web base so that it can be used by more than one user at the same time as patient recording is done electronically. The purpose of this study was to conduct a security audit of the Health Center Information System at PT. Infokes Indonesia uses ISO/IEC 27001:2013 and the COBIT 5 framework to document audit findings of information system audits at PT. Infokes Indonesia to make an audit report. Based on the results of research that has been conducted through interviews and questionnaires using the COBIT 5 framework and using the APO13 sub domain, the results show that Existing Capability is at level 1 while the expected Capability Level is at level 3 so that the Capability Gap is 2.