Risk Analysis of Dutch Healthcare Company Information System

The purpose of this research is to assure the performance and quality of healthcare information system security from the Dutch Company, which is located in Rotterdam, Netherland. The research applies COBIT 5 to audit the existing information security management system (ISMS) based on ISO 27001 and NEN 7510-2 2017 toolkit to audit the information system security for healthcare-specific issue. The audit is applied in order to identify any risk that might come during the ISMS implementation. On the other hand the result will be used as an improvement for the successor version of ISMS which compatible with the ISO 27001 and NEN 7510-2. The research was composed by applying qualitative method that consists of observation of the activity of the company and reviews the existing ISMS-related documents. As a result of this audit, the company ISMS has an achievement from NEN 7510-2:2017 audit result that has a score for 92.86 % on security management section. For the COBIT 5 result, the audit yield a result that consist of two “Established Process” level on APO13 and MEA02 and “Predictable Process” level on DSS 05. The result indicates a good result and encourages the company to improve their ISMS for next period.