Library information systems and information assets administered to users become the backbone of library service with the support of information technology. Howevet the application of library information systems that grows rapidly may raise the riskthat causesfailures threatening librarians in assessing sources of risk threats. Risks may include events and conditions that lead to disruption in information services and the problem of the decision-making process evaluation although not documented in writing. Informants of this study consist of librarians who have social interaction with library information system. The method uses qualitative case study approach with in-depth interviews and direct observation. The results ofthe study identifies the riskin a hang of backup server is high, i The purpose of this study is to describe the implementation of risk management in information systems at Gadjah Mada University Library using NISTSP 800-30 frame work and to determine factors that affect the implementation of risk management in information systems at the library. Risk management in information systems at Gadjah Mada University Library has been implemented to anticipate the various sources of risk threats by conducting risk assessment, risk mitigation and risk electricity is high, in security systems is high, in passwords is high, in authorization permission is moderate and in human resources is moderate. To reduce and eliminate the risk impact, Gadjah Mada University Library conducts risk mitigation by transferring the risk from a library information system servers to PSDI (Center for Systems and Information Resources), while the risk evaluation of the activities is carried out continuously and consistently by the librarians to implement control and activities in risk mitigation to the extent acceptable to the library. Factors affectiig the implementation of risk management information systems at the Gadjah Mada University Library are influenced by the policies of the University, the perception of the library's head and human resources and technical capabilities in the fi eld of information technology.