ISO 27000 and KAMI Index: PT XYZ (Travel Agent)
PT XYZ is one of the Travel Agent companies in Indonesia that is aware the value of information security, as shown due to the ISO 27001:2013 certification in 2021. However, there are still areas that must be adjusted to improve the company's Information Security Management System. In this study, the CAPD (Check-Act-Plan-Do) technique was used, with the KAMI Index supporting as an information security evaluation tool in compliance with ISO 27001:2013 standards. Check examines the firm's present state, Act evaluates the areas identified in the KAMI Index, Plan analyzes the evaluation outcomes and makes recommendations in accordance with ISO 27001: 2013 and Do offers recommendations to the company. The results of the evaluation show that PT XYZ received a score of 623 from 645 and the value is in the green area, indicating that it is in the "Good" category. The evaluation findings from PT XYZ's KAMI Index are decent but have not yet achieved the highest rating. To help PT XYZ, maximize the Information Security Management System, its existence is utilized as a finding that is compared to the ISO 27001: 2013 standard and results in recommendations for improvement.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-ShareAlike International License (CC-BY-SA 4.0) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
Copyright without Restrictions
The journal allows the author(s) to hold the copyright without restrictions and will retain publishing rights without restrictions.
The submitted papers are assumed to contain no proprietary material unprotected by patent or patent application; responsibility for technical content and for protection of proprietary material rests solely with the author(s) and their organizations and is not the responsibility of the ULTIMA InfoSys or its Editorial Staff. The main (first/corresponding) author is responsible for ensuring that the article has been seen and approved by all the other authors. It is the responsibility of the author to obtain all necessary copyright release permissions for the use of any copyrighted materials in the manuscript prior to the submission.