Development of a Compliance Assessment Model for One of the Universities to ISO 27001:2022 Standards

Information security systems are important for organizations, including universities, because they are a crucial aspect of today's digital world. In this context ISO 27001:2022 is an important standard. One of the universities in Jambi City  manages sensitive data, using various information systems such as student data, lecturers, finance, employees and research, this will certainly increase the complexity of information security system governance. The college also has an open academic community, consisting of students, alumni, faculty, and administrative staff, which provides opportunities for increased information system security risks, such as phishing and malware attacks. This study aims to develop an assessment model for the compliance of higher education organizations with ISO 27001:2022 standards and apply the model to one of the universities in Jambi City. Evaluations show that the universities has a high level of compliance with physical and environmental security, but areas such as information security policy, risk management, information assets, access control, network security, as well as security incident management require increased compliance. Recommendations for improvement and improvement are given for each area that requires more attention, according to the ISO 27001:2022 standard including the development of risk identification, risk management, identification of important information assets, protection of information assets, protection against network attacks, regular network security monitoring, procedures for developing effective event response, reporting of security events, and learning from events that occur. In conclusion, the development of one of the universities in Jambi City organization's compliance assessment model with the ISO 27001:2022 standard provides a comprehensive view of the level of compliance in various areas of information system security. Through the identification of weaknesses and the recommendations for improvement that are drafted, concrete steps can be taken to improve compliance and manage information system security more effectively.