Data Center Information Security Analysis Based on ISO 27001:2022 Standard Using the FMEA Method at PT XYZ

PT XYZ is an IT distribution company playing a crucial role in supplying technology products in Indonesia. As a company operating in the field of information technology, PT XYZ has a data center that stores various critical information. Ensuring the security of data within this data center is essential, and it must be protected with adequate security standards. Following the Information Technology Security and Decision Directives of PT XYZ, an evaluation of the information security within the company's data center was conducted to achieve ISO 27001 certification for information security. This research aims to assess and evaluate the level of information security in PT XYZ's data center using the SSE-CMM assessment index and to identify the Risk Priority Number (RPN) for each identified risk using the FMEA method. The findings indicate that the maturity level of information security in the data center is at Level 3 (defined process) in the SSE-CMM model. Additionally, risk assessment using the FMEA method identified that 14 risks are in the Very Low category, 2 risks are in the Low category, and 2 risks are in the High category. The overall evaluation suggests that PT XYZ's data center is sufficiently prepared to achieve ISO 27001 certification. One recommended improvement is to periodically update the Work Instructions (WI) related to information security policies and to regularly review these security policies