Information security is a highly important aspect of digital records management because electronic data carries risks of misuse, damage, and operational disruption. These conditions require organizations that provide digital records storage services, including PT Putraduta Buanasentosa, to ensure that every operational process is protected with adequate security mechanisms. This study aims to examine how the company implements information security based on the NIST Cybersecurity Framework (CSF). The research employs a descriptive qualitative method through interviews with technical staff and a review of operational procedure documents related to data protection. The findings indicate that the company has implemented the core functions of the NIST Cybersecurity Framework (CSF) through access control, system monitoring, incident handling, and data recovery, all of which support service continuity. The study also highlights the need for improvements in structured risk assessment, regularly conducted security training, and more complete and consistent incident documentation. In addition, the research identifies that strengthened coordination between internal units and more refined incident response procedures can help the company better anticipate evolving digital threats. Overall, the study concludes that the implementation of information security within the company is moving in the right direction but still requires continuous enhancement to keep pace with the dynamics of digital threats and maintain the reliability of digital records storage services for all users in daily operations.