[XYZ Indonesia sebagai salah satu perusahan penyedia layanan TI terdepan terus berinovasi untuk memberikan solusi dan produk terbaik bagi para pelanggannya. Dalam usaha memberikan solusi dan produk-produknya, XYZ berupaya untuk meyakinkan para calon pelanggan bahwa solusi yang ditawarkan dapat berjalan sesuai ekspektasi para pelanggan. Dalam kaitannya dengan hal ini, pelanggan umumnya membutuhkan suatu pembuktian. Oleh karena itu, XYZ Indonesia mengupayakan fasilitas Demo Center yang dimilikinya yang sebelumnya digunakan untuk kegiatan Showcase, menjadi tempat uji coba dan pembuktian konsep teknologi yang sesuai dengan solusi yang ditawarkan kepada pelanggan.Data adalah informasi, dan informasi merupakan salah satu aset yang sangat berharga, dan merupakan kekuatan serta termasuk elemen terpenting dalam sebuah perusahaan. Dikarenakan kondisi Demo Center yang belum memadai dari segi keamanan informasi, para calon pelanggan belum teryakinkan untuk melakukan uji coba pada fasilitas ini, dikarenakan data yang digunakan pada uji coba umumnya adalah data aktual perusahaan. Hal ini berdampak pada hilangnya potensi pendapatan pihak XYZ Indonesia dari hilangnya potensi bisnis dari calon pelanggan.Dengan demikian makan diperlukan untuk disusun suatu kebijakan keamanan informasi untuk fasilitas Demo Center yang berguna untuk dapat mengurangi risiko-risiko yang mungkin terjadi, serta meyakinkan dan memberikan rasa aman bagi para pelanggan. Dimana pada penelitian ini digunakan ISO 27001:2013 sebagai standar acuan perancangan kebijakan.;XYZ Indonesia as a leading IT solution company keep inovating to provide its customers with the best products and solutions. In its effort to provide them, XYZ strives its best effort to convince its customer that the product and solution which XYZ proposes will meet customers? expectations. In accordance with this, customers usually need some proof of concept. Therefore, XYZ Indonesia leverage its Demo Center facility which was previously only utilized for any Showcase activites, into a proof of concept situated area.Data is considered as information, and information is considered as one of the primary assets of every enterprise. With regard to Demo Center?s current condition that doesn?t have adequate level of information security, most customers currently aren?t convinced to do the proof of concept in this facility, because most of the time, the data which will be used for the proof of concept activity are actually their company?s actual data. This situation give bad impact to XYZ?s potential Revenue due to loosing the business project.Considering that fact, therefore it?s needed to build security policy for Demo Center facility which will reduce potential risks what would occur, and can also convince the customers to leverage the facility. In conducting this research and build the policy, ISO 27001:2013 is used as reference standard, XYZ Indonesia as a leading IT solution company keep inovating to provide its customers with the best products and solutions. In its effort to provide them, XYZ strives its best effort to convince its customer that the product and solution which XYZ proposes will meet customers’ expectations. In accordance with this, customers usually need some proof of concept. Therefore, XYZ Indonesia leverage its Demo Center facility which was previously only utilized for any Showcase activites, into a proof of concept situated area.Data is considered as information, and information is considered as one of the primary assets of every enterprise. With regard to Demo Center’s current condition that doesn’t have adequate level of information security, most customers currently aren’t convinced to do the proof of concept in this facility, because most of the time, the data which will be used for the proof of concept activity are actually their company’s actual data. This situation give bad impact to XYZ’s potential Revenue due to loosing the business project.Considering that fact, therefore it’s needed to build security policy for Demo Center facility which will reduce potential risks what would occur, and can also convince the customers to leverage the facility. In conducting this research and build the policy, ISO 27001:2013 is used as reference standard]