Risk management is an important area that addresses various risks faced in business operations. This study examines the implementation of the Hospital Management Information System (Hospital Information System or HIS, for brevity) at Hospital X to improve operational efficiency, data accuracy, and information security. The HIS supports the integration of various hospital departments, reduces errors, and improves coordination. Despite these benefits, current risk management practices in hospitals often fall short of full compliance with ISO 27001 standards, potentially impacting data confidentiality, integrity, and availability. This research employs the Failure Mode and Effects Analysis (FMEA) and ISO 27001 methodologies to identify hardware, software, human resources, and information assets risks. The research identified 20 potential causes of failure that could compromise the security of IT assets at Hospital X.