Risk Management in Information Systems: Applying ISO 31000:2018 and ISO/IEC 27001:2022 Controls at PMI's Central Clinic
Abstract
PMI (Palang Merah Indonesia) Main Clinic is a national association organization in Indonesia engaged in health services. It relies on information systems to support its health service process; one of these is the Clinic Management Information System (Smart Klinik), which records each patient from registration on arrival until the patient receives their medicine. PMI Main Clinic had never implemented information system risk management before. Should a risk materialize, the clinic could suffer significant losses and its health service process could be disrupted. To identify the risks that could occur at PMI, the ISO 31000:2018 risk management process was applied, with ISO/IEC 27001:2022 used as the control standard. Of the 22 identified risks, 4 were rated very high, 2 high, 10 moderate, and 6 low. The recommended controls, drawn from ISO/IEC 27001:2022 Annex A, are Equipment maintenance (7.13), Information backup (8.13), Protection against malware (8.7), Installation of software on operational systems (8.19), Monitoring activities (8.16), Web filtering (8.23), Networks security (8.20), Security of network services (8.21), Segregation of networks (8.22), and Secure system architecture and engineering principles (8.27).

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with International Journal for Applied Information Management agree to the following terms: Authors retain copyright and grant the International Journal for Applied Information Management right of first publication with the work simultaneously licensed under a Creative Commons Attribution-ShareAlike License (CC BY-SA 4.0) that allows others to share (copy and redistribute the material in any medium or format) and adapt (remix, transform, and build upon the material) the work for any purpose, even commercially, with an acknowledgement of the work's authorship and initial publication in International Journal for Applied Information Management. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in International Journal for Applied Information Management. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (see The Effect of Open Access).