<![CDATA[Digital transformation in Islamic boarding schools (pesantren) presents new challenges in protecting information assets and student data privacy. This study aims to perform an information security analysis in a pesantren currently undergoing a crucial digital transition, aligned with the institutional vision to implement digital administrative services and science-and-technology-based learning. The research methodology integrates the ISO/IEC 27001:2022 information security standard as an audit instrument into the TOGAF ADM framework, limited to Phase D (Technology Architecture). This approach aims to establish a foundational infrastructure and critical technical governance that complies with security standards prior to the architecture implementation phase. A selection of 41 security controls was made through asset identification and risk assessment to represent the specific operational needs of the pesantren for effective mitigation. Research findings reveal significant gaps in identity management, backup protocols, and cryptography, stemming from a governance approach that remains reactive. This study concludes that strengthening information security through policy standardization, the implementation of Role-Based Access Control (RBAC), and data recovery procedures is urgent to ensure the integrity and sustainability of digital services. The synergy between regulatory compliance and resilient technology architecture serves as the primary determinant in protecting data sovereignty within traditional educational institutions.]]>
