This study aims to measure the information technology governance capability level at SLB Cendana Rumbai using the COBIT 2019 framework. The study was conducted due to several issues in information technology management, including the absence of structured risk management, the lack of Standard Operating Procedures (SOPs) related to information security, the absence of periodic data backup and recovery mechanisms, and irregular monitoring of system security. This study focuses on the APO12 (Managed Risk) and APO13 (Managed Security) domains, which were selected based on design factor results as the main priorities for information technology management in the school. The research methods employed include observation, interviews, documentation, and questionnaire distribution to relevant stakeholders. The capability level measurement was carried out to determine the current condition of information technology governance (current capability), identify gaps between the current and expected levels, and formulate improvement recommendations. The results indicate that risk management and information security at SLB Cendana Rumbai still require improvement to become more effective, structured, and well-directed. Therefore, improvement recommendations were proposed as guidelines to enhance the quality of information technology governance in supporting the school’s operational activities optimally.
Copyrights © 2026