<![CDATA[Observation of SIMAK that in the process of operating the system is still experiencing obstacles such as data leakage which results in impaired agency performance, insufficient security and control to anticipate forms of fraud and illegal actions that result in large losses for information owners and uncontrolled access rights, so that a system the information used must have a guaranteed level of information security, including database security, hardware, software and human resources.Based on observations in SIMAK, the authors conclude to audit SIMAK so that they are documented and obtain audit evidence and evaluate it objectively. From the results of comparisons with other methods, the authors chose the ISO 27001: 2013 SNI standard as a standard for auditing the security of an information system and used as a reference to produce documents (findings and recommendations) which are the results of the SIMAK information system security audit at STMIK Mardira Indonesia.From the results of the study it was identified that the clause used was, Clause 5: Security Policy, the current SIMAK security policy is still not appropriate, Clause 7: Asset Management is still not appropriate to achieve and maintain appropriate protection of organizational assets due to the absence of a policy letter regarding asset management, Clause 9: Access Control so that there is no misuse of access rights and there are procedures for controlling access rights, Clause 15: Compliance has not been adjusted to the applicable academic regulations, and the time has been scheduled on the educational calendar is also the legal aspect of the software used. Keyword : IT services, SNI ISO/IEC 27001: 2013, SIMAK, Audit, Information securityDOI : http://doi.org/10.5281/zenodo.3929072]]>
