MBO Officially Entered the BSSN Whitelist: Proof of Competence of ISO 27001 Consultants

JAKARTA - In Indonesia, anyone can claim to be an ISO 27001 consultant. There is no mandatory license, no national competency exam that must be passed. As a result, the market is filled with service providers with very varied quality and organizations that choose the wrong consultant must bear the consequences: implementation that does not meet standards, audit failures, to waste of budget that is not a little.

That's why this one thing is a significant differentiator: is your consultant registered in the BSSN Consultant Agency White List?

Because PT Mitra Berdaya Optima (MBO) has been registered since April 2022.

What is BSSN Whitelist and Why is it Important?

The National Cyber and Security Agency (BSSN) is Indonesia's national cyber security authority. Through BSSN Regulation No. 8 of 2020 and Circular Letter No. 52 of 2023, BSSN establishes standards and supervisory mechanisms for institutions engaged in information security consulting.

One of the outputs of this regulation is the BSSN Whitelist, an official list of consulting institutions that have been verified directly by BSSN on the basis of:

Company legality and appropriate business scope Competence and certification of the implementation team that is officially registered at BSSN Completeness of documentation and track record of the project that can be accounted for Compliance with periodic audits held by BSSN

As of February 2024, out of thousands of consulting companies operating throughout Indonesia, only 45 institutions have managed to enter this list. MBO is among the 45, with the official certificate number SMPI.LK.2/BSSN/D1/PS.02.01/04/2022.

Not Just Registered, MBO Actively Proving Its Compliance

Entering the BSSN Whitelist is not a one-time achievement. Registered institutions are required to undergo periodic compliance audits held by BSSN to ensure that competence standards continue to be maintained.

On July 1, 2025, MBO officially underwent the BSSN Compliance Audit, a comprehensive evaluation that includes:

Company internal policies and regulations Certification and human resource competence Training and development mechanism of consultant team Technical work framework applied in client projects Consultants applying the same standards to themselves

Many ISO consultants help clients get certified, but are not ISO certified themselves.

MBO is a holder of ISO 9001:2015 (Quality Management System) and ISO 27001:2022 (Information Security Management System) certifications, both of which were issued by TÜV SÜD, one of the most prestigious international certification bodies.

This means that every methodology, document, and work system recommended to clients is the same system that is run internally.

Trusted by Leading Organizations

Since its establishment in 2019, MBO has assisted more than 500 clients from various sectors. For the implementation of ISO 27001, some of the leading organizations that have entrusted the process to MBO include:

Client

Sector

Telkom Indonesia

State-owned telecommunications company

Astra Honda Motor

Automotive Manufacturing

OTO Group

Automotive Financial Services

West Java Diskominfo

Regional Government

JULO

Fintech Lending (OJK)

Tokocrypto

Digital Assets / Crypto

What Do You Get When You Work with MBO?

MBO will accompany you in building a truly running information security system. The ISO 27001 consultation process includes:

Gap Analysis Mapping the current state of your organization against the requirements of ISO 27001 to find out how far the distance to be covered and what needs to be prioritized.

The preparation of policy documents, procedures, risk registers, Statement of Applicability (SoA), and others, is prepared together with your team with a contextual approach, not copy-paste templates.

Awareness and Internal Audit Training Your employees need to understand and run the system, not just know that the system exists. MBO provides awareness training and internal auditor training, complete with certificates.

MBO External Audit Assistance assists your organization in facing certification audits by accredited certification bodies, ensuring you are ready, not just hoping.

Follow-up on Findings After the audit, MBO helps address each finding (nonconformity) until the official certificate is issued.

Conclusion

If your organization is considering ISO 27001 implementation, MBO is ready to start with an honest conversation about your current state and what is realistic to achieve.

Tag: bssn