EVALUATION OF MATURITY LEVEL INFORMATION SECURITY USING COBIT 2019 AND ISO/IEC 27001:2022
Abstract
Information security plays a vital role in maintaining the reliability and continuity of business processes, particularly in the retail sector, where data integrity is crucial for claim validation and payment systems. PT XYZ developed a Claim Management System to enhance transparency and efficiency in managing incentive claims. However, recurring challenges such as frequent data loss and weak access control disrupted operations and posed risks to business continuity. This study aims to evaluate the maturity level of information security management at PT XYZ to address these issues. COBIT 2019 was selected as the primary framework because it offers a structured and measurable approach for assessing IT governance maturity, while ISO/IEC 27001:2022 was applied to identify relevant security controls for further improvement. A descriptive comparative method was employed, utilizing questionnaires, interviews, and domain mapping. The findings indicate that PT XYZ achieved its targeted maturity level across all assessed domains, with some processes exceeding expectations. Although no significant gaps were identified, several recommendations were proposed, including regular business continuity and disaster recovery testing, integration of security controls into the ISMS, enhanced real-time monitoring, and regulatory compliance mapping. The study concludes that combining COBIT 2019 and ISO/IEC 27001:2022 provides a comprehensive framework for strengthening IT governance and information security, with practical implications for improving organizational resilience.
DOI: https://doi.org/10.33387/jiko.v8i3.10704