Perancangan Framework Mitigasi Risiko Pengelolaan Server Menggunakan Iso 27001:2022 (Studi Kasus: Unit Kjsi Politeknik Negeri Bengkalis)

With the increasing use of information and communications technology (ICT) in educational operational activities, risks to information security, such as cyber attacks and natural disasters, are becoming increasingly significant. This research aims to identify, analyze and design systematic and structured risk mitigation measures, in order to maintain the integrity, confidentiality and availability of information managed by the server. The method used in this research is risk analysis using the FMEA (Failure Mode and Effect Analysis) approach and the application of the ISO 27001:2022 standard. The research process includes problem identification, literature study, risk identification, risk analysis, risk evaluation, and designing a risk mitigation framework. The research results show that there are several significant risks that need to be addressed, such as physical damage to servers and network failure, which can affect the operations of the KJSI unit. The resulting framework is expected to provide clear guidance in managing server security, as well as increasing the awareness and capability of KJSI units in dealing with information security threats. Thus, this research makes an important contribution to risk mitigation efforts in higher education environments, as well as becoming a reference for other institutions in implementing effective information security standards.