Information Security Architecture for Pesantren: The Synergy of ISO/IEC 27001 and TOGAF ADM in Supporting Sustainable Quality Education
DOI:
10.29303/jppipa.v12i4.14712Published:
2026-04-25Downloads
Abstract
Digital transformation in Islamic boarding schools (pesantren) presents new challenges in protecting information assets and student data privacy. This study aims to perform an information security analysis in a pesantren currently undergoing a crucial digital transition, aligned with the institutional vision to implement digital administrative services and science-and-technology-based learning. The research methodology integrates the ISO/IEC 27001:2022 information security standard as an audit instrument into the TOGAF ADM framework, limited to Phase D (Technology Architecture). This approach aims to establish a foundational infrastructure and critical technical governance that complies with security standards prior to the architecture implementation phase. A selection of 41 security controls was made through asset identification and risk assessment to represent the specific operational needs of the pesantren for effective mitigation. Research findings reveal significant gaps in identity management, backup protocols, and cryptography, stemming from a governance approach that remains reactive. This study concludes that strengthening information security through policy standardization, the implementation of Role-Based Access Control (RBAC), and data recovery procedures is urgent to ensure the integrity and sustainability of digital services. The synergy between regulatory compliance and resilient technology architecture serves as the primary determinant in protecting data sovereignty within traditional educational institutions.
Keywords:
Information security ISO/IEC 27001:2022 Pesantren Risk analysis Togaf ADMReferences
Akobiarek, M. N. R., Hariyadi, S., Indrawati, I., & Tanta, C. (2026). Profile of Basic Teaching Skills of Prospective Biology Teachers: A Video-Based Longitudinal Study in a Microteaching Course (2020–2023). Jurnal Penelitian Pendidikan IPA, 12(1), 879–886. https://doi.org/10.29303/jppipa.v12i1.14197
Al Omari, H., Alkhateeb, A., & Hammo, B. (2024). Applying Togaf-Based Enterprise Architecture in The Healthcare Sector: A Case Study of The National Center for Diabetes in Jordan. Jordanian Journal of Computers and Information Technology (JJCIT), 10(02). https://doi.org/10.5455/jjcit.71-1705704023
Alfitrah, D. A., & Leegowo, N. (2026). Risk Assessment of Healthcare Information Systems in Indonesian Regional Government Hospitals Using ISO 27001:2022. Journal of Computer Science, 22(3), 778–786. https://doi.org/10.3844/jcssp.2026.778.786
Alier, M., Guerrero, M. J. C., Amo, D., Severance, C., & Fonseca, D. (2021). Privacy and E-Learning: A Pending Task. Sustainability (Switzerland), 13(16). https://doi.org/10.3390/su13169206
Anjarwati, A., Qomariyah, R. S., Prameswari, D. A., Laili, S. N., & Wahyuningrum, P. D. R. (2025). Transforming Science Learning in the Era of Education 5.0 Through Virtual Reality (VR) Millea Lab: Improving Understanding of Science Concepts and Technological Literacy for Digital Native Students. Jurnal Penelitian Pendidikan IPA, 11(11), 256–264. https://doi.org/10.29303/jppipa.v11i11.12850
Astutik, S., Andayani, S., & Hertika, A. M. S. (2025). Comparison of Water Conditions and Growth Performance of Vannamei Shrimp (Litopenaeus vannamei) under Different Pond Management Systems (Superintensive, Intensive, and Traditional Culture Systems). Jurnal Penelitian Pendidikan IPA, 11(6), 390–403. https://doi.org/10.29303/jppipa.v11i6.10130
Billa, Y. S., & Restian, A. (2026). Development of Augmented Reality-Based Scansmart Card Media to Improve Elementary Students’ Understanding of Photosynthesis in Support of SDG 4 (Quality Education). Jurnal Penelitian Pendidikan IPA, 12(1), 797–805. https://doi.org/10.29303/jppipa.v12i1.14281
Djebbar, F., & Nordstrom, K. (2023). A Comparative Analysis of Industrial Cybersecurity Standards. IEEE Access, 11, 85315–85332. https://doi.org/10.1109/ACCESS.2023.3303205
Fray, I. El, & Wiliński, A. (2024). Modifications of the Formal Risk Analysis and Assessment for the Information System Security. Advances in Science and Technology Research Journal, 18(2), 317–332. https://doi.org/10.12913/22998624/185162
Geasela, Y. M., & Legowo, N. (2022). Designing Information System Architecture Based on Education 4.0 Case Study: Senior High School Institutions of Indonesia. Journal of Computer Science, 18(7), 622–637. https://doi.org/10.3844/JCSSP.2022.622.637
Hadi, M. D. S., Gultom, R. A. G., Ansori, A., & Kustiawan, B. (2025). Defense Information Systems Architecture for Cyber Threats: A Systematic Review of the Research Literature. Jurnal Penelitian Pendidikan IPA, 11(10), 10–22. https://doi.org/10.29303/jppipa.v11i10.12905
Hadita, A., Wufron, W., & Septiana, Y. (2023). Analisis Penerimaan Sistem Informasi Akademik Santri Berbasis Web di Pondok Pesantren Al Halim Garut Menggunakan Metode Technology Acceptance Model. Jurnal Algoritma, 20(1), 190–198. https://doi.org/10.33364/algoritma/v.20-1.1160
Hardi, K. V., & Legowo, N. (2023). Enterprise Architecture: Enabling Digital Transformation for Operational Business Process during COVID-19. HighTech and Innovation Journal, 4(1), 1–18. https://doi.org/10.28991/HIJ-2023-04-01-01
Ibrahim, I., Nurwahidah, N., Suranti, N. M. Y., & Alimuddin, N. (2025). Integrating QR Code Technology in Elementary Science Content: A Developmental Study on Critical Thinking Skills. Jurnal Penelitian Pendidikan IPA, 11(11), 215–228. https://doi.org/10.29303/jppipa.v11i11.12629
Istutik, I., Rahmawati, I. P., & Tuakia, H. (2023). Konstruksi Laporan Keuangan Pondok Pesantren (Studi pada Pondok Pesantren Al-Washoya Jombang). Jurnal Manajemen Dirgantara, 16(1), 141–147. https://doi.org/10.56521/manajemen-dirgantara.v16i1.920
Khairani, L., Rifai, H., & Husna, H. (2025). Integration of Edupark and Digital Technology: Analysis of the Need for a Physics Learning Website to Address Misconceptions. Jurnal Penelitian Pendidikan IPA, 11(11), 35–44. https://doi.org/10.29303/jppipa.v11i11.12610
Khairunnisa, F., Ilham, I., Widowati, A., Nugraha, U., & Sukendro, S. (2025). Pengembangan Aplikasi Penilaian Senam Aerobik pada Pusat Pendidikan dan Latihan Olahraga Pelajar (PPLP) Provinsi Jambi. Jurnal Penelitian Pendidikan IPA, 11(11), 138–143. https://doi.org/10.29303/jppipa.v11i11.13354
Kusuma, F. A., Nurhayati, N., & Susilo, S. (2021). Penguatan Pendidikan Karakter Peserta Didik Melalui Peraturan Pondok Pesantren di Era 4.0. Jurnal Ilmiah Mimbar Demokrasi, 21(1), 48–52. https://doi.org/10.21009/jimd.v21i1.23046
Lattu, A., Saepudin, S., Destria, N., Irawan, C., Sembiring, F., & Jatmiko, W. (2022). Perancangan Enterprise Menggunakan Framework Togaf pada Yayasan Baitul Huda. Jurnal Sistem Informasi dan Teknologi Informasi), 4(2), 83–89. https://doi.org/10.52005/jursistekni.v4i2.133
Lusiani, L., Vidhiasi, D. M., & Supriyanto, S. (2026). The Implementation of a Deep Learning Approach Using QR Code–Based Learning Media to Enhance High School Students’ Academic Performance in Kinematics. Jurnal Penelitian Pendidikan IPA, 12(1), 521–536. https://doi.org/10.29303/jppipa.v12i1.13484
Ma’arif, M. A., Arif, M., Rokhman, M., Hali, A. U., Kartiko, A., & Sirojuddin, A. (2026). Model of Kiai Leadership Based on Local Wisdom: Preventing Radicalism and Building Education in the Global South. Kharisma, 5(1), 17–31. https://doi.org/10.59373/kharisma.v5i1.149
Maradova, K., Blecha, P., Samelova, V., Marada, T., & Zuth, D. (2026). Bayesian Networks for Cybersecurity Decision Support: Enhancing Human-Machine Interaction in Technical Systems. Applied Sciences (Switzerland), 16(6). https://doi.org/10.3390/app16063053
Maulana, Y. M., Rizal, Z., Azmi, M., & Arshah, R. A. (2023). Modeling of Strategic Alignment to Modify TOGAF Architecture Development Method Based on Business Strategy Model. IJASEIT, 13(1). https://doi.org/10.18517/ijaseit.13.1.16565
Min, C. H., & Kwak, J. (2025). RMF-A: An Availability Assurance Framework for Quantitative Evaluation of Operational Resilience. Electronics (Switzerland), 14(23). https://doi.org/10.3390/electronics14234644
Mirtsch, M., Pohlisch, J., & Blind, K. (2026). Certification as a Compensation Mechanism for Weak Regulation? Exploring the Diffusion of the International Standard ISO/IEC 27001 for Information Security Management. Computers and Security, 162. https://doi.org/10.1016/j.cose.2025.104774
Mof, Y., Ramadan, W., & Mizani, H. (2026). Evaluating the Effectiveness of the Santripreneur Program in Islamic Boarding School: A CIPP-Based Qualitative Assessment of Screenprinting Training. Munaddhomah, 7(1), 141–156. https://doi.org/10.31538/munaddhomah.v6i4.2435
Mubarak, M. Z., Fuad, S., & Kholid, N. (2023). Implementasi Total Quality Management Perspektif Hensler dan Brunell di Pondok Pesantren Salafiyah. Jurnal Manajemen dan Pendidikan Islam, 9(2), 104–113. https://doi.org/https://doi.org/10.26594/dirasat
Nelson, A., Rekhi, S., Souppaya, M., & Scarfone, K. (2025). Incident Response Recommendations and Considerations for Cybersecurity Risk Management: (IJACSA) International Journal of Advanced Computer Science and Applications. https://doi.org/10.6028/NIST.SP.800-61r3
Petrov, P., Kuyumdzhiev, I., Malkawi, R., Dimitrov, G., & Jordanov, J. (2022). Digitalization of Educational Services with Regard to Policy for Information Security. TEM Journal, 11(3), 1093–1102. https://doi.org/10.18421/TEM113-14
Rahmadani, R. G., Nurhayati, O. D., & Nugraheni, D. M. K. (2024). Governance in Samarinda City Using TOGAF (The Open Group Architecture Framework): Literature Review. Edelweiss Applied Science and Technology, 8(6), 5161–5168. https://doi.org/10.55214/25768484.v8i6.3139
Rambau, T. M., Munyoka, W., Phahlamohlaka, L. J., & Kadyamatimba, A. (2026). Evaluating Cyber Resilience Frameworks for E-Government: Applicability of NIST CSF, ISO/IEC 27001 and COBIT 2019 in Developing Country Contexts. Information and Computer Security, 1–22. https://doi.org/10.1108/ICS-09-2025-0376
Sari, V. K., Jalmo, T., & Suyatna, A. (2025). Development of Differentiated Student Worksheets (LKPD) Oriented Towards Inquiry-Based Learning to Improve Critical Thinking Skills of High School Students on The Subject of The Human Digestive System. Jurnal Penelitian Pendidikan IPA, 11(11), 286–298. https://doi.org/10.29303/jppipa.v11i11.12433
Subangkit, H. S., Taqqa, T. H., & Saputra, D. I. S. (2026). Lecturer Performance Prediction Based on Student Evaluation Data Using a Hybrid K-Means and Random Forest Model. Jurnal Penelitian Pendidikan IPA, 12(1), 352–358. https://doi.org/10.29303/jppipa.v12i1.14163
Warsihna, J., Ramdani, Z., Kurniawan, H., Zulfikri, Z., Kosasih, F. R., Mudayat, M., & Syaikhu, A. (2026). Students’ Perceptions of the Use of Artificial Intelligence in Discussion Forum Evaluation on Massive Open Online Courses Platform. Jurnal Penelitian Pendidikan IPA, 12(1), 893–900. https://doi.org/10.29303/jppipa.v12i1.13975
Wijaya, I. S., Ridho, M., Hidayati, D. L., & Mahdi, M. (2024). Utilization of Digital Technology in Islamic Boarding Schools: A Case Study in Samarinda. Lentera: Jurnal Ilmu Dakwah dan Komunikasi, 7(2), 140–153. https://doi.org/10.21093/lentera.v7i2.7390
License
Copyright (c) 2026 yussrizal Asygaf, Dinar Mutiara Kusumo Nugraheni, Oky Dwi Nurhayati
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with Jurnal Penelitian Pendidikan IPA, agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution 4.0 International License (CC-BY License). This license allows authors to use all articles, data sets, graphics, and appendices in data mining applications, search engines, web sites, blogs, and other platforms by providing an appropriate reference. The journal allows the author(s) to hold the copyright without restrictions and will retain publishing rights without restrictions.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in Jurnal Penelitian Pendidikan IPA.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
