The use of information technology in companies is a crucial element to support business process effectiveness and efficiency. However, it also presents various challenges and risks that need to be managed properly. Risk management is key to protecting company value, optimizing strategies, and securing assets. PT. Eterindo Nusa Graha, as an industrial company relying on information technology, faces risks related to data, software, hardware assets, as well as threats from natural, system, infrastructure, and human resources. To address these issues, the company implements the ISO 31000:2018 framework, known for its flexibility and structured approach in identifying, assessing, and managing risks. Analysis results show that out of 16 identified risks, 5 are categorized as low, 10 as medium, and 1 as high. This indicates that most risks are still controllable, although effective mitigation strategies are needed, especially for high-category risks. The implementation of ISO 31000:2018 at PT. Eterindo Nusa Graha has helped the company protect critical assets, build stakeholder trust, and ensure smooth business processes. Thus, the company has demonstrated good risk management capabilities, although it still needs to focus more on high risks to minimize potential impacts.