Digital transformation has become a priority for SMEs (Micro, Small and Medium Enterprises), including BPRBCo (Bank Perekonomian Rakyat), to remain competitive amidst rapid technological developments. Information security is a critical aspect in this process, which requires a systematic and standardized approach. Previous research emphasizes the importance of ambidextrous (hybrid traditional and agile) information security management for large-scale banks as one of the seven key mechanisms for successful digital transformation, namely data management and information security. However, this approach has not proven effective for small-scale banks such as BPRs. This research aims to design an information security management system (ISMS) based on ISO 27001:2022, with a focus on the readiness of BPRBCo SME in facing digital transformation. This research adopts the five stages of Design Science Research (DSR), namely problem identification, requirement specification, design and development, demonstration, and evaluation. Data was collected through semi-structured interviews and document analysis, then analyzed using the ISO 27001:2022 SMKI framework. After risk analysis and mapping against previous study references, PDCA and Annex controls were found to be prioritized for BPRBCo. The results of this study developed an IMS framework specifically designed to meet the needs of SMEs, with a focus on the SME Focus Area. The DSR method enables the creation of practical solutions, based on an iterative cycle that combines theory and practice to produce optimal results. The resulting ISMS framework is then evaluated to assess the extent to which this design affects BPRBCo's readiness to obtain ISO 27001:2022 certification, as well as its impact on improving information security during the digital transformation process. This research also provides implementation recommendations by integrating three main aspects: people, process, and technology.

M. F. Safitra, M. Lubis, And A. Widjajarto, “Security Vulnerability Analysis Using Penetration Testing Execution Standard (Ptes): Case Study Of Government’s Website,” In Acm International Conference Proceeding Series, 2023. Doi: 10.1145/3592307.3592329.

K. S. R. Warner And M. Wäger, “Building Dynamic Capabilities For Digital Transformation: An Ongoing Process Of Strategic Renewal,” Long Range Plann, Vol. 52, No. 3, 2019, Doi: 10.1016/J.Lrp.2018.12.001.

C. Gong And V. Ribiere, “Developing A Unified Definition Of Digital Transformation,” Technovation, Vol. 102, 2021, Doi: 10.1016/J.Technovation.2020.102217.

V. Gurbaxani And D. Dunkle, “Gearing Up For Successful Digital Transformation,” Mis Quarterly Executive, Vol. 18, No. 3, 2019, Doi: 10.17705/2msqe.00017.

R. Mulyana, L. Rusu, And E. Perjons, “It Governance Mechanisms Influence On Digital Transformation: A Systematic Literature Review,” In 27th Annual Americas Conference On Information Systems, Amcis 2021, 2021.

N. L. Rinanty, Y. A. Prasetyo, And R. Mulyana, “Analisis Dan Perancangan Tata Kelola Teknologi Informasi Pada Lembaga Keuangan Mikro Menggunakan Framework Cobit 5 Domain Build Acquire And Implement (Bai),” E-Proceeding Of Engineering, Vol. 4, No. 2, 2017.

R. Mulyana, L. Rusu, And E. Perjons, “It Governance Mechanisms That Influence Digital Transformation: A Delphi Study In Indonesian Banking And Insurance Industry,” Pacific Asia Conference On Information Systems (Pacis), No. Ai-Is-Asia, 2022.

R. Mulyana, L. Rusu, And E. Perjons, “How Hybrid It Governance Mechanisms Influence Digital Transformation And Organizational Performance In The Banking And Insurance Industry Of Indonesia,” In International Conference On Information Systems Development (Isd), 2023.

Bq. D. Tarbiyatuzzahrah, R. Mulyana, And A. F. Santoso, “Penggunaan Cobit 2019 Gmo Dalam Menyusun Pengelolaan Layanan Ti Prioritas Pada Transformasi Digital Bankco,” Jtim : Jurnal Teknologi Informasi Dan Multimedia, Vol. 5, No. 3, 2023, Doi: 10.35746/Jtim.V5i3.400.

Y. W. D. M. Dewi, R. Mulyana, And A. F. Santoso, “Penggunaan Cobit 2019 I&T Risk Management Untuk Pengelolaan Risiko Transformasi Digital Bankco,” Jutisi: Jurnal Ilmiah Teknik Informatika Dan Sistem Informasi, Vol. 12, No. 3, 2023.

A. Rahmadana, R. Mulyana, And A. F. Santoso, “Pemanfaatan Cobit 2019 Information Security Dalam Merancang Manajemen Keamanan Informasi Pada Transformasi Bankco,” Jutisi: Jurnal Ilmiah Teknik Informatika Dan Sistem Informasi, Vol. 12, No. 3, 2023.

N. Riznawati, R. Mulyana, And A. F. Santoso, “Pendayagunaan Cobit 2019 Devops Dalam Merancang Manajemen Pengembangan Ti Agile Pada Transformasi Digital Bankco,” Seiko : Journal Of Management & Business, Vol. 6, No. 2, 2023.

M. A. Andyas, R. Mulyana, And W. A. Nurtrisha, “Manajemen Keamanan Informasi Untuk Transformasi Digital Insurco Berbasis Cobit 2019 Focus Area Information Security,” Zonasi: Jurnal Sistem Informasi, Vol. 5, No. 3, 2023, Doi: 10.31849/Zn.V5i3.15275.

A. Viamianni, R. Mulyana, And F. Dewi, “Cobit 2019 Information Security Focus Area Implementation For Reinsurco Digital Transformation,” Jiko (Jurnal Informatika Dan Komputer), Vol. 6, No. 2, 2023, Doi: 10.33387/Jiko.V6i2.6366.

R. A. Prayudi, R. Mulyana, And R. Fauzi, “Seiko : Journal Of Management & Business Pengendalian Digitalisasi Fintechco Melalui Perancangan Pengelolaan Keamanan Informasi Berbasis Cobit 2019 Information Security Focus Area,” Seiko : Journal Of Management & Business, Vol. 6, No. 2, 2023.

A. F. Utami, I. A. Ekaputra, And A. Japutra, “Adoption Of Fintech Products: A Systematic Literature Review,” Journal Of Creative Communications, Vol. 16, No. 3, 2021, Doi: 10.1177/09732586211032092.

M. Antunes, M. Maximiano, R. Gomes, And D. Pinto, “Information Security And Cybersecurity Management: A Case Study With Smes In Portugal,” Journal Of Cybersecurity And Privacy, Vol. 1, No. 2, 2021, Doi: 10.3390/Jcp1020012.

M. F. Safitra, M. Lubis, And M. T. Kurniawan, “Cyber Resilience: Research Opportunities,” In Acm International Conference Proceeding Series, 2023. Doi: 10.1145/3592307.3592323.

R. Mulyana, L. Rusu, And E. Perjons, “Key Ambidextrous It Governance Mechanisms Influence On Digital Transformation And Organizational Performance In Indonesian Banking And Insurance,” 2024.

R. Mulyana, L. Rusu, And E. Perjons, “The Key Ambidextrous It Governance Mechanisms For A Successful Digital Transformation: Case Study Of Bank Rakyat Indonesia (Bri),” Digital Business, P. 100083, 2024.

B. Panjaitan, L. Abdurrahman, And R. Mulyana, “Pengembangan Implementasi Sistem Manajemen Keamanan Informasi Berbasis Iso 27001:2013 Menggunakan Kontrol Annex: Studi Kasus Data Center Pt. Xyz,” E-Proceeding Of Engineering, Vol. 8, No. 2, 2021.

T. S. Putri, N. Mutiah, And D. Prawira, “Analisis Manajemen Risiko Keamanan Informasi Menggunakan Nist Cybersecurity Framework Dan Iso/Iec 27001:2013 (Studi Kasus: Badan Pusat Statistik Kalimantan Barat),” Coding : Jurnal Komputer Dan Aplikasi, Vol. 10, No. 2, Pp. 237–248, 2022.

M. Bada And J. R. C. Nurse, “Developing Cybersecurity Education And Awareness Programmes For Small- And Medium-Sized Enterprises (Smes),” Information And Computer Security, Vol. 27, No. 3, 2019, Doi: 10.1108/Ics-07-2018-0080.

R.-P. Classen, M. Garbutt, And J. Njenga, “Factors Influencing The Adoption Of Digital Technologies In South African Smmes,” 2021.

M. Varachia, S. Bvuma, And A. Pooe, “Adoption Of Cybersecurity Practices For Smmes,” 2022.

“Pojk 7 Tahun 2024 Bank Perekonomian Rakyat Dan Bank Perekonomian Rakyat Syariah”.

J. Damian Vasquez, “Iso/Iec 27000,” High Tech-Engineering Journal, Vol. 3, No. 2, 2023, Doi: 10.46363/High-Tech.V3i2.3.

A. Fathurohman And R. W. Witjaksono, “Analysis And Design Of Information Security Management System Based On Iso 27001: 2013 Using Annex Control (Case Study: District Of Government Of Bandung City),” Bulletin Of Computer Science And Electrical Engineering, Vol. 1, No. 1, 2020, Doi: 10.25008/Bcsee.V1i1.2.

A. R. Hevner, S. T. March, J. Park, And S. Ram, “Design Science In Information Systems Research,” Mis Q, Vol. 28, No. 1, 2004, Doi: 10.2307/25148625.

P. Ness And L. Fusch, “Are We There Yet? Data Saturation In Qualitative Research,” Qualitative Report, Vol. 20, No. 9, 2015.

M. Denscombe, The Good Research Guide For Small Scale Research Projects, Vol. 6, No. 3. 2010.

R. K. Yin, “Discovering The Future Of The Case Study Method In Evaluation Research,” American Journal Of Evaluation, Vol. 15, No. 3, 1994, Doi: 10.1177/109821409401500309.

Ojk, “Standar Penyelenggaraan Teknologi Informasi Bagi Bank Perkreditan Rakyat Dan Bank Pembiayaan Rakyat Syariah.” Ojk.Go.Id. Accessed: Jun. 13, 2024. [Online]. Available: Https://Ojk.Go.Id/Id/Regulasi/Pages/Pojk-7-Tahun-2024-Bank-Perekonomian-Rakyat-Dan-Bank-Perekonomian-Rakyat-Syariah.Aspx

N. Ramadhan And U. Rose, “Adapting Iso/Iec 27001 Information Security Management Standard To Smes,” 2022.

W. S. Basri And A. L. Ayu, “Risk Management In Information Systems: Applying Iso 31000: 2018 And Iso/Iec 27001: 2022 Controls At Pmi’s Central Clinic,” International Journal For Applied Information Management, Vol. 4, No. 1, Pp. 1–13, 2024.

A. K. Shenton, “Strategies For Ensuring Trustworthiness In Qualitative Research Projects,” Education For Information, Vol. 22, No. 2, 2004, Doi: 10.3233/Efi-2004-22201.

Bprbco, “Interview Transcript Of Bprbco.” Mar. 2024.