...effective incident detection and handling mechanisms to ensure operational continuity and protect information assets. By understanding its maturity level in incident handling, an organization can evaluate the capabilities it already has, identify the areas that need improvement, and implement more proactive strategies for dealing with cyber threats. Based on the results of the TMPI instrument assessment issued by the Indonesian National Cyber and Crypto Agency (BSSN), PHE has an incident handling maturity index of 4.61, which places it at maturity level 5 (optimize).

IT RISK MANAGEMENT

IT Risk Management Framework
The implementation of IT risk management refers to the following frameworks:

a. ISO 31000:2018 Risk Management
Corporate-level risk management at PHE uses ISO 31000, the international standard for risk management that provides the principles, framework, and process for managing risk in the Company. The implementation of this risk management is reported to the Risk Management Function.

b. ISO 27005:2022 Information Security, Cybersecurity & Privacy Protection
In managing ISMS-related risks, PHE uses ISO 27005. This standard is part of the ISO/IEC 27000 family (Information Security Management Systems) and supports the implementation of ISO/IEC 27001 with a risk-based approach.

c. ISO 22301:2019 Business Continuity Management Systems (BCMS)
ISO 22301:2019 helps the Company identify, prevent, prepare for, respond to, and recover from business disruptions such as natural disasters, cyberattacks, or system failures, with the main objective of ensuring business continuity in emergency situations and increasing business resilience to disruptions.

d. Control Objectives for Information and Related Technologies (COBIT) 2019
COBIT 2019 supports a risk-based approach to measuring capability or maturity. The processes relevant to IT risk management are EDM03 Ensured Risk Optimization and APO12 Managed Risk.

e. Integrated IT Risk Management Framework of Subholding Upstream
IT consistently performs control customization of frameworks in the area of IT Risk Management by:
1. Establishing connections between one framework and another.
2. Using the EDM risk appetite and risk tolerance as the controlling figures for IT Risk Management.

Laporan Tahunan • Annual Report 618 HULU ENERGI

