Insight
Friday, 24 September 2021
YES! 2021 is the year of achievement for ASABRI. ASABRI has officially achieved ISO/IEC 27001 certification from the British Standards Institution (BSI). ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
Erna Damayanty, Managing Director of BSI Indonesia, stated that the ISO/IEC 27001 standard was originally British Standard 7799, which was adopted as an ISO standard that has been recognized by 164 countries in the world. The ISO/IEC 27001 certificate given to ASABRI was issued by the British Standards Institution, the creator of the ISO/IEC 27001 standard, which has international accreditation.
Achieving ISO 27001 certification is not quick or easy. The length of time it takes varies from organization to organization and depends on a lot of different factors. Conservatively, businesses should plan on spending around a year to become compliant and certified. The compliance journey involves several key steps, including:
1. Develop a project plan. It’s important to treat your ISO 27001 initiative as a project that needs to be managed diligently.
2. Perform a risk assessment. The objective of the risk assessment is to identify the scope of the report (including your assets, threats and overall risks), build a hypothesis on whether you’ll pass or fail, and build a security roadmap to fix things that represent significant risks to security.
3. Design and implement controls based on your security roadmap.
4. Document what you're doing. During an audit, you will need to provide your auditor with documentation on how you’re meeting the requirements of ISO 27001 with your security processes, so he or she can conduct an informed assessment.
5. Monitor and remediate. Monitoring against documented procedures is especially important because it will reveal deviations that, if significant enough, may cause you to fail your audit. Monitoring gives you the opportunity to fix things before it’s too late. Consider monitoring your last dress rehearsal: Use this time to finalize your documentation and make sure things are signed off.
Once again, congratulations to ASABRI on its success in achieving ISO 27001 certification! Getting certified to international standards is a form of love and responsibility in improving ASABRI's services. Keep up the good work in implementing the Information Security Management System. Thank you for the trust that has been given to Multimatics.