of a security monitoring system through the Security Operations Center (SOC).

PHE obtained its ISO 27001:2013 certificate on January 7, 2021. That certificate expired on January 6, 2023, after which PHE upgraded its certification from ISO 27001:2013 to ISO 27001:2022. PHE obtained the latest ISO 27001:2022 certificate on February 14, 2024, and the first certification surveillance audit was conducted at the end of 2024, in November 2024. As a result of that audit, PHE maintained its ISO 27001:2022 certification status.

This assessment is a surveillance assessment, scope extension, and transition audit for ISO/IEC 27001 certification, conducted using the remote audit method. The CAV results show that all planned audit objectives were achieved, and that all system processes and documentation are aligned with the ISO 27001:2022 standard. The Information Security Management System (ISMS) has been well managed through periodic monitoring, including objective measurement, risk assessment, internal audit, and management review.

Cyber Security Maturity (CSM)

PHE conducted a Cyber Security Maturity (CSM) assessment to measure the Company's cybersecurity maturity level using a framework developed by the National Cyber and Crypto Agency (BSSN) of Indonesia. This assessment covers 5 (five) main aspects: Governance (awareness, audit, control, compliance, policy, and process), Protection (network security, applications, users, identity and access management, cloud, and data), Detection (change management, monitoring, alert systems, notifications, intelligence, and reporting), and Response (containment strategies, response procedures, recovery processes, post-incident activities, and reporting mechanisms). Through this comprehensive assessment, PHE can identify strengths and areas for improvement in its cybersecurity posture, while ensuring compliance with national security standards.

Based on the measurement of the CSM instrument, PHE's total Maturity Index score is 4.61, which falls in Maturity Index Level 5 (Optimal Implementation). Qualitatively, this means that cybersecurity at PHE is implemented through processes that are well organized, automated, formal, performed repeatedly and consistently, and reviewed periodically, with improvements applied continuously.

Cyber Incident Management Maturity Level (IMML; TMPI in Indonesian)

The Incident Management Maturity Level (IMML) is an important indicator for measuring an organization's readiness to respond to, manage, and mitigate cybersecurity incidents. As cyber threats become more complex, organizations are required to have effective incident detection and handling mechanisms to

Good Corporate Governance, PT Pertamina Hulu Energi
                                