<![CDATA[Information security plays a vital role in maintaining the reliability and continuity of business processes, particularly in the retail sector where data integrity is crucial for claim validation and payment systems. PT XYZ developed a Claim Management System to enhance transparency and efficiency in managing incentive claims. However, recurring challenges such as frequent data loss and weak access control disrupted operations and posed risks to business continuity. This study aims to evaluate the maturity level of information security management at PT XYZ to address these issues. COBIT 2019 was selected as the primary framework because it offers a structured and measurable approach for assessing IT governance maturity, while ISO/IEC 27001:2022 was applied to identify relevant security controls for further improvement. A descriptive comparative method was employed, utilizing questionnaires, interviews, and domain mapping. The findings indicate that PT XYZ achieved its targeted maturity level across all assessed domains, with some processes exceeding expectations. Although no significant gaps were identified, several recommendations were proposed, including regular business continuity and disaster recovery testing, integration of security controls into the ISMS, enhanced real time monitoring, and regulatory compliance mapping. The study concludes that combining COBIT 2019 and ISO/IEC 27001:2022 provides a comprehensive framework for strengthening IT governance and information security, with practical implications for improving organizational resilience.]]>
