Planning and Control of Information Security on Infrastructure IT Management Project in Pharmaceutical Industry with ISO27001:2013 Approach

Abstract

The success rate of implementation and development of IT Infrastructure technology on the pharmaceutical industry in Indonesia is greatly influenced by project management readiness. One aspect that receives little attention in project implementation is information security control. This aspect is a critical point that the instance must manage to maintain information security from the confidentiality (C), integrity (I), and availability (A) sides. The data from the pharmaceutical IT security team in 2021 also shows that there have been incidents caused by internal and external threats of 2928 every month and have a close correlation with the IT Infrastructure project. So that in this study a plan and governance of the application of information security controls to IT Infrastructure management projects using the ISO 27001: 2013 approach will be carried out. The application of these security controls is expected to reduce incidents and can be a recommendation to address vulnerabilities to security threats that could affect future business processes.