RSUD Bangil is a government hospital Bangil regency. RSUD Bangil have assets that must be managed properly in order to minimize the security risk. Obstacle now is the slow acceptance to the information needs of management, lack of integrity of the data received, and lack of suitability or validation data results. The problems caused by lack of proper asset management of SIM-RS Installation so that could pose a risk. So that the hospital can be minimized Bangkil audit requires action by providing information system security ISO 27002: 2005 as a security best practice standards.Audits performed at the SIM-RS with stages according to ISACA. Scope examined adjusted by mutual agreement of which asset management, human resources security, physical and environmental security, access control and information systems acquisition, pembangunaan and maintenance.Result of the implementation of information systems security audit found the average value of 3.22 which means the level of maturity of information security measures according to ISO / IEC 27001: 2009 was at a level 3 which is pro-active. The results of the findings obtained in order to provide recommendations in accordance with ISO 27002: 2005 to the RSUD Bangil.