Risk Management in Optimizing the Success of Information Technology Projects Using the ISO 31000 Framework
DOI:
https://doi.org/10.61769/telematika.v19i2.712
Keywords:
information system, ISO 31000, Cobit 5, FMEA, risk management, information technology
Abstract
This research examines the application of the ISO 31000 framework in information technology risk management through various case studies. The focus of this research is on the identification, analysis, evaluation, and management of risks within organizations, particularly in the banking, e-commerce, government, and education sectors. Through a systematic literature review (SLR) approach, this research synthesizes insights from ten case studies involving the application of ISO 31000 in managing risks, such as cyber threats, data leakage, and operational disruption. The results show that ISO 31000, when combined with other methodologies such as COBIT 5 and FMEA, provides a more holistic approach to risk management by prioritizing risks and developing tailored mitigation strategies. The research also highlights the importance of continuous monitoring and evaluation to ensure the effectiveness of risk treatment. The results confirm that the implementation of ISO 31000 significantly improves organizational resilience and decision-making in managing IT risks and ensures long-term business continuity and stakeholder trust. This research provides valuable insights for organizations looking to improve their IT risk management strategy and framework.
License
Copyright (c) 2024 Farhat Falfalla Ahkmad, Ilham

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.