RSU Haji Surabaya is a government-owned hospital in East Java province. Asset management performed by one of the installation of the Installation Management Information Systems (MIS-RS) and software (Software) is used Healthy Plus application which has been operating for the last 1 year. In managing the assets of RSU Haji there are several obstacles, namely: there are many outsiders who were not authorized to be in and out of the processing room information on data center space, loss of data, manipulation of data from unauthorized access, viruses, data theft, unauthorized access to the application.

So that these constraints will not recur or become, the RSU Haji Surabaya need to conduct an audit to determine current conditions compared with conditions should be. The standard used is ISO 27002:2005 with the scope of clause 8 (eight), 9 (nine), 11 (eleven), and 12 (twelve).

From the implementation of information systems audit, the resulting value of 1.75 Maturity Level are included in the initial category, which means much of the existing information system security on the SIM-RS Installation not in accordance with the ISO 27002 standard procedures. The study also produce recommendations for process improvement and information systems can be used to enhance the security of information on RSU Haji Surabaya.

Keywords : Audit, ISO 27002, Security Information systems, Maturity Level