<![CDATA[Today's technology is an important asset to support the business activities of institutions or institutions, STMIK Mardira Indonesia is a higher education institution that requires technology for educational service facilities. Information technology security governance is useful for protecting assets while maintaining the sustainability of information technology services, several standards for governance have also been used to ensure the security of information technology assets, SNI ISO / IEC 27001 and SNI ISO / IEC 27002 are national standards that adopt from international standards in its activities require evaluation to determine governance readiness and the US index is used as an evaluation tool towards the standardization. The evaluation results in the electronics sector have a value of 21 which means the electronics sector in this institution is high according to the US Index 10 to 15 low, 16 to 34 high and 35 to 50 strategic. However, on the status of preparedness with a value of 117 which means that it is still not feasible for SNI ISO / IEC 27001 certification to be eligible for certification is a range of values 273 to 445. On the basis of some evaluation results obtained, governance is carried out in Annex A.5.1.1 Information security policy document, A.5.1.2 Review of the policies for information security, A.6.1.1 Information security roles and responsibilities, A.15.1.1 Information security policy for supplier relationships, A.16.1 Reporting information security events and weaknesses and Annex 16.1 .3 Reporting information security weaknesses. Keywords: Governance TI, Information Technology Security, SNI ISO / IEC 27001 and SNI ISO / IEC 27002.DOI : http://doi.org/10.5281/zenodo.3929041]]>
