Information Security Management Systems (ISMSs) require periodic evaluation to assess their level of compliance with established standards and frameworks. This study evaluates the implementation of an Information Security Management System in an Indonesian cybersecurity services company, with a particular focus on the Compliance Division and the Security Operations Center (SOC). The case study was selected because the organization's ISMS had not been implemented consistently, particularly regarding the regular updating of security policies and operational procedures. As a cybersecurity service provider, the company is expected to conduct periodic compliance assessments to ensure alignment with recognized information security management standards, such as ISO/IEC 27001:2022. The study employed a Gap Analysis approach that combined qualitative and quantitative data. Data were collected through direct observation and a review of internal documentation after obtaining the company's authorization. The results indicate an overall compliance level of 77.5%. Three control areas achieved full compliance: the timely execution of internal audits, incident documentation, and log management. Based on the identified gaps, a set of improvement recommendations was developed to assist the organization in achieving greater compliance with the requirements of ISO/IEC 27001:2022. This study provides practical contributions by demonstrating the application of the ISO/IEC 27001:2022 framework for conducting internal compliance audits of Information Security Management Systems and offering actionable recommendations for strengthening organizational information security governance.