MANAJEMEN RISIKO SISTEM INFORMASI PADA PT. PEGADAIAN (PERSERO) CP BUMIAYU MENGGUNAKAN METODE ISO 31000

PT. Pegadaian (Persero) CP Bumiayu uses three types of applications namely PDS (Pegadaian Digital Service), Pawn Agents, and Passion in serving customers. Employees at Pegadaian (Persero) especially the Bumiayu branch always do their jobs by running the three applications well, but don't pay attention to possible risks that may occur. So that companies can overcome the risks that might occur, improve company performance, and as a warning to be more careful in the use of information systems, it is necessary to risk management of information systems at PT. Pegadaian (Persero) CP Bumiayu uses the ISO 31000: 2018 method. International Risk Management Standards ISO 31000: 2018 (Susilo & Kaho, 2018) reemphasize some important things as the aim of risk management is value creation and value protection, risk management is an inseparable part of leadership and organizational governance, risk management must consider the context its application, namely the organization's external and internal context, and risk management must take into account human and cultural behavior factors. From the results of the SI Passion evaluation there is one high risk and eleven medium risks, SI Pawn Agents have two high risks and five medium risks, SI PDS there are two high risks and two medium risks, whereas for the low risks of the three information systems there are none.