Indonesia Conference Directory

The purpose of this research is to assure the performance and quality of healthcare information system security from Dutch Company which is located in Rotterdam, Netherland. The research apply COBIT 5 to audit the existing information security management system (ISMS) based on ISO 27001 and NEN 7510-2 2017 toolkit to audit the information system security for healthcare-specific issue. The audit is applied in order to identify any risk that might come during the ISMS implementation. On the other hand the result will be used as an improvement for the successor version of ISMS which compatible to the ISO 27001 and NEN 7510-2. The research is composed by applying qualitative method that consist of observation to the activity of the company and review the existing ISMS-related documents. The observation utilize selected COBIT 5 process form and selected NEN 7510-2 toolkit based on scope of vision and mission of the company. After scoping the research, the audit process for NEN 7510-2 2017 is applied to the security management aspect. For the COBIT 5-based audit, the audit focus on three kind of process that consist of APO 13, DSS 05 and MEA 02. As a result of this audit, the company ISMS has an achievement from NEN 7510-2:2017 audit result that has a score for 92.86 % on security management section. For the COBIT 5 result, the audit yield a result that consist of two “Established Process” level on APO13 and MEA02 and “Predictable Process” level on DSS 05. The result indicate a good result and encourage the company to improve their ISMS for next periode