Journal of Information Systems and Informatics
Vol 8 No 3 (2026): June

Integrating ISO, CIPP and CMMI Frameworks for Data Privacy Compliance: A System-Level Maturity Assessment with PDCA-Based Architecture in a KBMI Group IV Bank

Delfindra Faiz Noorhadi (Islamic University of Indonesia)
Mukhammad Andri Setiawan (Islamic University of Indonesia)



Article Info

Publish Date
22 Jun 2026

Abstract

This study examines the organizational and technical readiness of a systemically important Indonesian bank (KBMI Group IV) in responding to the enactment of the Personal Data Protection (PDP) Law, which necessitates robust privacy engineering and system architecture adaptation. This maturity assessment is conducted as a single-case study based on empirical data collected from two primary respondents: a Business Branch Manager and a Department Head Application Developer. To comprehensively evaluate the system, this study integrates a multi-model framework. First, the Context, Input, Process and Product (CIPP) model qualitatively measures the organization's governance, resources, workflows and policy impacts. These qualitative findings are then translated into CMMI-based process maturity scores. The observed empirical findings reveal an overall maturity score of 3.69, positioning the organization at Level 3 (Defined) as an institutional baseline rather than a sector-wide indicator. The observed findings also expose a regulatory conflict between the PDP Law's 'Right to be Forgotten' and mandatory financial data retention regulations. To address these observed gaps, the study proposes two framework outputs: a comprehensive mapping matrix that aligns regulatory requirements with ISO 27001 and ISO 27701 standards and a conceptual PDCA-based system architecture utilizing data masking and pseudonymization. Although the proposed framework is developed within the context of a single institution, it offers a valuable preliminary foundation for evaluating technical privacy compliance in the banking sector, subject to further validation across a broader range of financial institutions.

Copyrights © 2026






Journal Info

Abbrev

isi

Publisher

Subject

Computer Science & IT

Description

Journal-ISI is a scientific article journal that is the result of ideas, great and original thoughts about the latest research and technological developments covering the fields of information systems, information technology, informatics engineering, and computer science, and industrial engineering ...