ANALYSIS MATURITY LEVEL MEDICAL SERVICES ELECTRONIC USING COBIT 5 FRAMEWORK (CASE STUDY: RSUD XYZ)

The objective of this study is to develop an audit strategy for information system security at XYZ General Hospital, perform a comprehensive security assessment of the REMPEYEK (Electronic Service Medical Record) information system, and provide recommendations for improvement. Quantitative research is a methodology that involves the collection of data through direct assessment of the individuals or entities under investigation. In addition, the COBIT 5 tool is employed to analyze the gathered data in order to acquire a quantitative capability analysis. This study examines the COBIT 5 framework's relevance to the identification of business objectives for information system security in the context of the Rempeyek information system. The identified problems and obstacles in the system include inadequate budget management, insufficient coordination between Diklitbang and the units involved in application development, and a misalignment between information technology systems and security measures. The findings of the assessment on the maturity of the information system security indicate that the DSS05 and APO13 domains have achieved a level 2 status, known as "Managed Process." The capability values for these domains are recorded as 2.02 and 2.68, respectively. This suggests that the relevant procedures have been effectively executed, supervised, and regulated.