Francis Anderson Kojongian,Mewati Ayub

DOI: https://doi.org/10.28932/jutisi.v7i1.3434

2021-04-24

Jurnal Teknik Informatika dan Sistem Informasi

Abstract:In order to achieve the company goals, in Universitas Kristen Maranatha, Information system becomes the main tool and Information Technology infrastructure become the backbone in running the company business model, along with the increasing of portfolio application, number of Information Technology services and the amount of human resources. Universitas Kristen Maranatha requires an international standard instrument to measure several domains, both Manage and Operation domains, holistically. By implementing frameworks such as COBIT 5 or COBIT 5 for IT RISK, ISO 31000: 2018, the company is able to measure planning effectiveness, strategic policies implementation, IT service management measured by Service Level Agreement, monitoring and evaluation. In this research, there are 7 domains implemented as follows: EDM01-Ensure Governance Framework Setting and Maintenance, EDM03- Ensure Risk Optimization, AP002- Manage Strategy, APO09- Manage Service Agreements, AP012-Manage Risk, BAI01-Manage Programmes and Projects, BAI05- Manage Organizational Change Enablement.

English Else

Fathimatus Zahrotun Nisa',Ganes Dwi Febrianti,Navy Nurlyn Ajrina

DOI: https://doi.org/10.47065/bulletincsr.v4i1.313

2023-12-13

Abstract:The use of Information Technology (IT) is an important part of all business activities, especially in the service sector. It is important to ensure the security, availability and integrity of their systems. The impact of failure in IT Risk Management greatly influences success. The implementation of IT Risk Management is needed to be able to help companies in the event of losses. In its use, a framework is needed that functions to identify, evaluate and manage existing risks. Therefore, this research will show the COBIT framework that is suitable for managing existing risk management. This research was carried out using the Systematic Literature Review method which started from the stages of formulating research questions, literature search, literature selection, data extraction and discussion aimed at answering Research Questions. In this research, 25 articles were found which were used as literature sources. The research results show that COBIT 2019 is the version of COBIT most often used in IT Risk Management in the industrial service sectors. In implementing COBIT, companies face various challenges such as lack of in-depth understanding of COBIT, lack of work process documentation and lack of operational standards for risk control and incompatibility of IT strategy with company strategy. This research also found that there are 8 points of COBIT implementation strategy to help service industry companies achieve organizational goals more effectively and efficiently through IT risk management.

Fathoni,Novita Simbolon,Dinna Yunika Hardiyanti

DOI: https://doi.org/10.1088/1742-6596/1196/1/012033

2019-03-01

Journal of Physics: Conference Series

Abstract:Stakeholders in a company have a right knowing about optimizing information security management. It can affect a company's performances and reputation. Information is the biggest business driver in an organization or company. This research aims to measure the capability of the company which is implemented information security governance that impacts on enterprise risk. The Loan Debit Network Corporation system is the main system that supports the company's business process for corporate lending transactions management. The capability level measurement is based on COBIT 5.0 for Information security and ISO 27001: 2013 Guidelines as a value against the Information Security Governance component rating. It starts with aligning organizational goals from COBIT 5.0 perspectives to obtain five COBIT 5.0 IT processes. The current capability is at level 2.5. Improvement recommendation from level 2.8 to level 3 refers to best practice recommended by COBIT 5.0 for Information Security.

Amin Maruf Nuris,Aditya Maharani,Renanda Nia Rachmadita

DOI: https://doi.org/10.25170/metris.v22i02.2800

2022-02-10

Jurnal METRIS

Abstract:PT. Duta Media Cipta (DMC) is a control system and IT company based in the city of Surabaya, this company focuses on procurement, maintenance and repair services for ship equipment, both mechanical and electrical. As an information technology company, PT. DMC is committed to being a trusted IT and control system company. In working on the project, PT. DMC has not implemented risk management for every software development project it has worked on. Some of the risks that are often faced in working on software projects at PT. DMC are project risks such as technical, cost, and project scheduling which are sometimes not in accordance with the established plan and cause cost and time losses to the company. So in this study using ISO 31000 as a framework in analyzing potential risks. The application of risk assessment consists of 3 stages, namely risk identification, risk analysis, and risk evaluation. The results of this study found that there are 4 risks with 26 sub-risks, of which there are 6 sub-risks that are prioritized and require risk management.

Taufik Hidayat,Cahyani Budihartanti

DOI: https://doi.org/10.54593/awl.v2i2.14

2021-10-26

JURNAL WIDYA

Abstract:Beiersdorf Indonesia merupakan perushaan FMCG multi nasional yang bergerak dalam kategori perawatan kulit. Dalam operasional perusahaan dalam rangka mengakselerasi dan memonitor penjualan menggunakan aplikasi DAR & BFAST. DAR & BFAST adalah sistem aplikasi yang mendukung proses bisnis dengan fungsinya memonitor aktifitas SPG & Salesman. Masalah yang dihadapi adalah perlunya evaluasi dengan melakukan penilaian tata kelola dan manajemen TI untuk mengetahui kondisi TI saat ini dan pemahaman mengenai kemampuan untuk mencapai tujuan bisnisnya. Penelitian ini akan berfokus pada penilaian kapabilitas proses tata kelola dan manajemen TI pada domain BAI COBIT versi 5 dengan berfokus pada domain proses BAI02 dalam rangka untuk menilai kapabilitas proses terkait pengelolaan pendefinisian kebutuhan dari implementasi DAR & BFAST. Metode penelitian yang digunakan adalah memakai framework penilaian yang mengacu pada COBIT (Control Objective for Information and Related Technology) versi 5. Terdapat Process Assessment Model (PAM) pada framework ini untuk menentukan tingkat efektifitas dan efisiensi dari sekumpulan proses, dengan cara mengevaluasi tingkat kematangan kapabilitasnya. Metode pengumpulan data pada penelitian ini adalah dengan menyebarkan kuesioner dan wawancara ke pihak penanggung jawab proses-proses yang ada. Hasil penilaian implementasi TI berbasis COBIT versi 5 di PT Beiersdorf Indonesia Indonesia menunjukkan tingkat kapabilitas proses TI domain proses BAI02 berada pada level 1 (Performed) dengan skala 24% dengan tingkat pencapaian P (partially achieved). Rekomendasi perbaikan disusun untuk mencapai target tingkat kapabilitas yang diharapkan.

Agustin Simatupang,Henricus Judi Adrianto

DOI: https://doi.org/10.21456/vol14iss2pp162-170

2024-03-05

JURNAL SISTEM INFORMASI BISNIS

Abstract:The development of Information Technology (IT) is rapidly growing and has increasing risks. Based on the Decision of the Ministry of State-Owned Enterprises S-122-MBU-DSI-05-2021 regarding the implementation guidelines for the assessment of IT Maturity Levels, companies are required to carry out an independent assessment of the maturity level of information technology. This research aims to assess the governance of IT risk management using the COBIT 2019 framework. The research method was carried out using descriptive qualitative methods using the COBIT 2019 framework and literature review, as well as through interviews, observations, questionnaires and review of company documents. The assessment results showed an average maturity level of 3.00 (Established) for 2 COBIT 2019 processes which were considered relevant to Information Technology Risk Management. On average, the 2019 COBIT processes have been implemented at PT XYZ is already running well with the IT risk management maturity level at level 3 and initiatives are still needed to reach maturity level 4 or better. Maturity level 3 means the process has been managed and achieved its goals in a more organized manner using organizational assets and resources. The process has been well defined with policies and standard operating procedures for the process and is carried out in accordance with good risk management and supports the Good Corporate Governance. In the process of increasing the maturity level of information technology risk management to higher level, there are 7 (seven) main recommendations to be implemented so that the information technology risk management process can improve and the implementation of recommendations from the assessment results will be prioritized in the implementation roadmap IT according to Company needs and targets.

I Putu Agus Raditya Pramita,Gede Indrawan,Komang Setemen

DOI: https://doi.org/10.31763/businta.v7i2.639

2023-11-27

Bulletin of Social Informatics Theory and Application

Abstract:A hospital's operations, such as patient registration, medical management, financial management, and upgrading the services offered in the hospital, are managed and organized using an application system called a hospital management information system (HMIS). Because the lack of evaluation in the usage of HMIS has led to insufficient security in the HMIS, this research focuses on Saraswati Dental and Oral Hospital as the research site. Due to lax security measures, confidential data is readily accessible. The prevalence of duplicate data entry is an issue, and the success of HMIS performance implementation is still unknown. The COBIT 5 framework has been used to administer the HMIS at Saraswati Dental and Oral Hospital using the MEA (Monitor, Evaluate, Assess) and BAI (Build, Acquire, Implement) domains in response to these problems. This decision was made with the intention of aligning the application with the necessary features, monitoring system security, evaluating, and assessing the domain's alignment with the hospital's strategy in order to ascertain whether the current system still achieves the intended goals and maintains the controls required to satisfy the requirements. This study makes use of questionnaire, observation, and interview techniques. The capacity levels used in the COBIT 5 study were taken from ISO/IEC 15504-2-2003, and they were combined using straightforward mathematical calculations in accordance with the rules for computing capability values. Weaknesses or flaws in the security system that need to be fixed can be found by analyzing the capability levels in the MEA and BAI domains. The study's findings include suggestions for increasing the security system, which will enhance Saraswati Dental and Oral Hospital's HMIS performance and give users and patients with more beneficial outcomes

Inna Madiyaningsih,Kalamullah Ramli

DOI: https://doi.org/10.31943/gw.v14i2.476

2023-08-15

Gema Wiralodra

Abstract:Based on the report security year 2022 from company Z in the ICT sector, it was found that on the report firewall security, 96% of level threat is level critical, and 4% is level high. Report email security is session domain 27.3%; Session limits 15.35 %; Forti Guard AntiSpam-IP 3.11%, and the rest is receipt verification; directory filter and access control relay denied. With the challenge of current cyber-attacks, precious data assets need analysis to measure the the level of IT maturity that can ensure stakeholders' interest and maximize benefits and opportunities through technology information. We overcome limitations by analyzing IT maturity using COBIT 5. Research focused only on the APO13 and DSS05 process domains. A study was done to identify the problems based on results observation, checking, and use of a questionnaire in a direct manner. Measurement is done through method evaluation self and interviews deep with the IT team and all power expert who has COBIT certification 5. Analysis results show that the measurement level for the APO13 domain is 3, and for DSS05 is level 2. These results still need to be below the set level 4 target management; therefore, building a framework to monitor, track, and record security data in real time is necessary. With the build framework, Work can help lower the threat level from a critical level to a high level and increase the COBIT Maturity Level to APO13 and DSS05 according to organizational targets.

Fachrizal,*Ahmad Nurul Fajar,,

DOI: https://doi.org/10.35940/ijitee.a3965.039520

2020-03-30

International Journal of Innovative Technology and Exploring Engineering

Abstract:The purpose of this research is to know the priority IT process in IT department at XYZ Organization and to know the level of capability in each IT process priority at IT department at XYZ organization. The data used and processed in this research were obtained from interviews with IT Director, IT Governance Supervisor, IT Development Supervisor, IT Operations Supervisor and Information Management Supervisor, and also observed the processes in the IT department. The result is obtained by priority IT processes and the level of capability in each of the priority IT processes at XYZ Organization. Based on the case study analysis, in order to create IT governance in accordance with the standards in the COBIT 5 framework, the organization have to improve IT governance thoroughly and continuously and fulfill the criteria in the COBIT 5 framework for all IT process in XYZ Organization.

Fitri Wijayanti,Dana Indra Sensuse,Arief Anthadi Putera,Andy Syahrizal

DOI: https://doi.org/10.1109/ic2ie50715.2020.9274574

2020-09-15

Abstract:The DRC of the Ministry XYZ has suffered from a system breach. The DRC's problem will lead to a lack of system information security, availability, and an increasing threat to the whole system of Ministry XYZ. In 2019, the KAMI Index assessment of the Ministry XYZ stated that the level of maturity and completeness of the application of ISO 27001 standards of the XYZ Ministry were at the level of fulfillment of the basic framework. There is a gap between the assessment result and the operational problem within the DRC of Ministry XYZ due to the lack of an information security management system. Therefore, this study conducts the same KAMI Index assessment within the scope of the DRC only and aims to offer a recommendation based on ISO 27001 as the basis of the KAMI Index assessment. This study used discussion, observation, and KAMI Index assessment tools for collecting data and analyze the result. The assessment result of the DRC showed that the maturity level of the ISO 27001 standard on the DRC is on the application of the basic framework. The suggested recommendations to improve the information security management system of the DRC were mostly in the aspect of the information security framework and assets management.

Samsinar Samsinar,Rudolf Sinaga

DOI: https://doi.org/10.19184/bst.v10i2.30325

2022-06-28

BERKALA SAINSTEK

Abstract:Reliable and up-to-date information services are one of the parameters for the achievement of an organization's performance, including for a university, which is currently required to be able to adapt to technological advances to produce graduates who can master information technology to support the competence of their respective fields. The curriculum changes launched by the current government are also proof that the application of information technology in higher education is a must. Seeing this, universities have a difficult task, especially at the implementation stage of implementing information technology, because they must prepare not only infrastructure but also human resources who can develop good information system governance. Therefore it is necessary to carry out an IT governance audit. From the results of observations made, XYZ College has utilized information technology in academic services and other information services. However, it was found that information technology governance does not yet have a standard so that it is considered not to be able to meet the desired goals, and instead will cause various problems including uncontrolled operational costs and other problems. The purpose of this study is to measure the performance of information technology governance at XYZ College using the COBIT 2019 framework. Based on the results of an audit conducted from 7 EGIT components, namely processes, organizational structure, information flow and items, people skills and competencies, policies and procedures, culture, ethical behavior, and service infrastructure and application are on average at level 3, it can be concluded that the application of information technology has been running, the infrastructure is adequate but does not have good governance procedures or standards. It is recommended that XYZ Higher Education make standards for information technology governance as well as periodic evaluations of the use of all components of information technology, both software, hardware, and brainware.

Siswo Akhmad Nurhidayat

DOI: https://doi.org/10.32924/ijbs.v2i1.29

2018-09-25

International Journal of Business Studies

Abstract:This study analyzed the perception of organization members of the group of company in Dani Prisma Mitra (DPM) about the influence of COSO organizational framework consisting of company ethical environments, risk management training and internal audit activities on the quality of internal control procedures. Population in this research is all employee in finance and non-finance department with the level of supervisor and upward at DPM. Hypothesis testing used multiple regression analysis with a discussion of contingency theory. Hypothesis testing concluded that company ethics environments and internal audit activities have the positive and significant influence on the quality of internal control procedure, while risk management activities have a positive but not significant effect on to the quality of internal control procedure.

Ardly Ekanata,Abba Suganda Girsang

DOI: https://doi.org/10.1109/ictss.2017.8288871

2017-09-01

Abstract:Communication Center (Puskom) as a management of information and communication systems of the Ministry of Foreign Affairs and the Indonesia Representative, places Information and Communications Technology (ICT) as the most strategic sector to support the implementation of Indonesia foreign policy. Many problems faced by the Ministry of Foreign Affairs relates to IT governance such as, reliability, availability and lack of IT infrastructure management which causes problem such as hackers, natural disasters, and others. This research aims to implement IT service for improving the quality of service in Puskom Ministry of Foreign Affairs. ITIL and COBIT are applied with qualitative approach and case study method. The results of this research includes the result of analyses condition of 26 process in fifth Services Lifecycle in the ITIL and level capability assessment of 18 IT Process in COBIT in relation with IT services. The gap analysis and prioritization of IT process in COBIT are used as a recommendation to give the Key Performance Indicator (KPI) for Puskom.

Jesslyn Kurniawan,Wella Wella

DOI: https://doi.org/10.31937/si.v14i2.3223

2023-12-21

Abstract:PT XYZ is a management consulting company in Jakarta. This company has many products related to information technology. Therefore, measuring the capability of information technology governance at PT XYZ was carried out. The measurement of information technology governance capability is based on problems that are often faced by companies in terms of project management followed by problems related to the company's IT budget and human resources skilled in information technology. Capability measurement is carried out using COBIT 2019 with a qualitative approach. Using data collection methods with interviews and literature study. The results of the data collection showed that there were 3 COBIT 2019 domain processes that matched the company's problems, namely APO06 - Managed Budget and Costs, APO07 - Managed Human Resources, and BAI11 - Managed Projects. The results of the capability measurement carried out concluded that the three selected domain processes namely APO06, APO07, and BAI11 were achieved at level 2 or can be categorized as Fully Achieved so that companies get several recommendations for improvement to improve the quality of their information technology governance and reach a higher level.

Muthmainnah Muthmainnah,Desvina Yulisda,Veri Ilhadi

DOI: https://doi.org/10.52088/ijesty.v2i1.223

2021-11-29

Abstract:The use of Information Technology (IT) in higher education is said to be useful if its application is in accordance with the vision and mission of the organization. Academic information system audit is a method of assessing or assessing academic information systems to ensure that the governance and management functions of the information system are implemented properly. Unimal is a university that has implemented information technology in its operational processes. In achieving the organization's vision, the use of IT in the organization must always be monitored so that the services provided to users can be maximized, including by conducting an audit process to identify the level of IT maturity so that IT management can find solutions from processes that are considered less than optimal. This study aims to measure the level of capability of Unimal Academic Information Technology using COBIT 5 Domain APO (Align, Plan, and Organise) in the APO01, APO02, APO04 and APO11 processes. The focus of the research is also based on the need for priority processes in the Malikussaleh University environment and research related to the APO domain has not been carried out. The purpose of this study in general is to analyze Academic Information Technology using the COBIT 5 framework in the APO domain at the Malikussaleh University, as well as to provide solutions for improving academic information technology and IT implementation at the Malikussaleh University.

Marco Viriyatama Lim,Melissa Indah Fianty

DOI: https://doi.org/10.46729/ijstm.v4i5.955

2023-09-27

Abstract:A retail company faced challenges such as network issues, unreliable third-party databases, and a lack of employee understanding of input transactions and the introduction of new products or services. The research employed interviews and questionnaires to address these issues and assess the company's information technology governance using the 2019 COBIT framework. The findings would help identify appropriate processes to address the company's difficulties. The prioritized domains included APO12 - Risk Management, BAI03 - Solution Identification and Development, BAI06 - IT Change Management, and BAI10 - Configuration Management. The research revealed that APO12 reached level 3 (highly achieved), while BAI03 and BAI06 reached level 4 (significantly achieved), and BAI10 achieved level 4 (completely achieved), aligning with the company's expectations. These results determine the company's IT governance level and have the potential to enhance its capabilities.

Bernadus Gunawan Sudarsono,Vincent Ray Ananda,Michael Renaldi Kandi

DOI: https://doi.org/10.30813/jbase.v6i1.4311

2023-04-14

JBASE - Journal of Business and Audit Information Systems

Abstract:Perusahaan peralatan tambang adalah perusahaan yang menyediakan barang untuk kebutuhan industri pertambangan. Aplikasi yang digunakan oleh perusahaan alat pertambangan adalah Odoo. Aplikasi ini akan membantu perusahaan dalam menyusun laporan keuangan. Odoo adalah aplikasi keuangan terkomputerisasi yang membantu dalam proses bisnis dan meningkatkan kualitas pelaporan. Audit sistem informasi yang dilakukan pada Odoo adalah untuk mengevaluasi dan mengetahui apakah aplikasi yang digunakan oleh perusahaan dapat membantu perusahaan dalam memdukung proses bisnis yang berjalan. Untuk melakukan hal tersebut, peneliti menggunakan COBIT 5 dengan menggunakan domain DSS (Deliver, Service, and Support) yang berfokus pada sub-domain DSS03 (Manage Problems). Data yang diperoleh selama peneliti melakukan penelitian dianalisis menggunakan capability level untuk mengetahui tingkat kematangan dari aplikasi Odoo. Rata-rata capability level yang diperoleh adalah 2,75 dengan expected level adalah 4. Hasil penelitian berdasarkan analisis capability level dan setiap proses diberikan rekomendasi dan saran yang akan diimplementasikan oleh perusahaan dengan tujuan untuk perubahan agar kedepannya lebih baik.

Ramadhan Syaeful Bahri,Yeffry Handoko Putra

DOI: https://doi.org/10.34010/aisthebest.v8i2.12175

2024-01-31

is The Best Accounting Information Systems and Information Technology Business Enterprise this is link for OJS us

Abstract:This study aims to establish a framework for governing information systems in Micro, Small, and Medium Enterprises (MSMEs), focusing on decision-making processes in advanced and emerging MSME clusters. COBIT 5 is employed to identify variables and guide the research stages. The research will specifically examine MSMEs located in Bandung District. The evaluation of governance quality for each target, which includes Nurtured MSMEs and Advanced MSMEs, involves utilizing the Process Assessment Model (PAM) derived from COBIT 5. In addition to gathering preliminary data through interviews and surveys conducted in Bandung District, this initial investigation also involved a comparative analysis of various methods employed in prior research about the study's subject matter. The findings from this study reveal that the data processing procedures for MSMEs in the Bandung Regency involve the use of computer/laptop devices. However, certain MSMEs face challenges in adequately managing the acquired data, emphasizing the necessity for more effective data management to ensure the produced data attains the quality required for constructing a model for advanced MSMEs. On the contrary, some other MSMEs in the Bandung Regency exhibit proficient data management practices, conducting regular evaluations of data and information, and basing their decisions on the analyzed data. These two scenarios serve as benchmarks for understanding the decision-making processes of both emerging and advanced MSMEs about data. The aspiration is that the outcomes of this study can serve as a benchmark, offering best practices for MSMEs to enhance the quality of their Decision-Making and achieve excellence in their business operations.

Tedy Setiawan Saputra,Ismandra Ismandra

DOI: https://doi.org/10.33557/mbia.v21i3.1955

2023-01-15

MBIA

Abstract:The study aims to measure the role and function of internal audit and risk management as a part of good university governance on private higher education in Palembang City. The current phenomenon is both of the department function is run by quality assurance. The implementation is based on the rule of the perkemendikbud No 50 in the year 2014. The research utilized a qualitative method. Data were obtained from five private universities in Palembang city by spreading the open questionnaire form. The data was analyzed and supported by Nvivo 12 application. The results of data analysis show that the role and function of internal audit and risk management are not optimal yet. Optimized the function, has resulted in the design of organization chart changes by considering the current regulation and any standards. Keywords: Internal Audit, Risk Management, Higher Education, Qualitative, Good University Governance Abstrak Tujuan dari penelitian ini adalah untuk menilai penerapan fungsi Internal Audit dan Manajemen Risiko sebagai bagian dari penerapan tata kelola perguruan tinggi swasta di kota Palembang. Fenomena yang terjadi saat ini, peranan dan fungsi internal audit serta manajemen risiko dijalankan oleh Lembaga Penjamin Mutu secara bersamaan. Penerapan fungsi ini mengacu kepada permendikbud No.50 tahun 2014. Penelitian ini menggunakan metode kualitatif. Data diperoleh dari lima Perguruan Tinggi swasta di Kota Palembang dengan melakukan wawancara berdasarkan kuesioner terbuka. Data hasil wawancara dianalisis menggunakan aplikasi Nvivo 12. Hasil analisis menunjukkan bahwa peranan dan fungsi internal audit serta manajemen risiko pada perguruan tinggi swasta di Palembang belum optimal. Untuk mengoptimalkan peranan dan fungsi internal audit dan manajemen risiko, dihasilkan sebuah rancangan perubahan struktur organiasi kedua fungsi dengan mempertimbangkan regulasi dan standar yang berlaku. Kata kunci: Internal Audit, Manajemen Risiko, Pendidikan Tinggi, Kualitatif. Tata Kelola Perguruan Tinggi

Syinsyina Arifa,Rizal Isnanto,Rinta Kridalukmana

DOI: https://doi.org/10.20527/jtiulm.v8i2.176

2023-11-05

Jurnal Teknologi Informasi Universitas Lambung Mangkurat (JTIULM)

Abstract:University Helpdesk as an information system service provider provided by PTIPD University assists students, staff, and lecturers in solving problems using information systems and networks, as well as updating information online and offline. Based on the Regulation Minister of Religion of the Republic of Indonesia Number 17 of 2013 to improve the quality of university delivery and services, and GUG (Good University Governance) implementation, governance framework is needed to align the vision, mission, and objectives. IT governance framework covering management, operational, maintenance, monitoring, and evaluation processes. The analysis of IT governance with COBIT 2019 resulted in the preparation of recommendations based on the mapping of the domain (area) of the 2019 COBIT design factors. These recommendations are needed for an analysis of the maturity level of PTIPD university helpdesk information technology governance. The research data were taken from annual reports and Key Performance Indicators, observations, and interviews. Based on Design Factors 1-11 to determine domain area, the result is needing improved governance perspective APO12-Managed Risk and DSS05-Managed Security Services. The focus area is risk management and service security management in terms of data and information. The expected ability level is at level 4, while the current ability level analysis is at level 2, the gap level analysis is 2 levels different. The result is to get 12 recommendations and 2 main recommendations using the Fuzzy-AHP method based on the weighting of the criteria of Regulation number 12 of 2012 the management of information technology in university.