Integrated IT Risk Management Framework to Support BCMS Implementation Subholding UpstreamIntegrated IT Risk Management Framework to Support BCMS Implementation in Subholding UpstreamCOBIT 2019-APO12 Managed Risk COBIT 2019-EDM03 Ensured Risk Optimization* C12-002/PHE41000/2022 Rev.0 TKI Penyusunan All Risk & Top Risk%u2022Data collection (Incident & Problem Log, Audit Report, EventLog)%u2022Projects%u2022ICoFR-IT General Control (ITGC)%u2022Risk Register%u2022Blue TeamIntergrated IT Risk Treatment PlanInternalEksternalRJPP, RKAP, & KPIRegulasiAudit Independen, Threat Intelligent, Vulnerability, Assessment, Red Team, System Management (ISO 22301, ISO 27001,etc.), HazardRisk CapacityRisk AppetiteRisk AcceptanceRisk Criteria MatrixRisk ReductionContextIT Risk References Related to IT Business ProcessInternal ExternalScope Criteria*Risk AssessmentStrategic PlanningGovernance Enterprise ArchitectureEnterprise RiskHSSE (People, Safety, Health & SecurityFinancial RegulationCyber Threat Industry Oil & GasStakeholder GuidelinesOperational ProductionHazard Cyber Threat (Historical)InformationTechnologyRisk IdentificationRisk AnalysisRisk EvaluationRisk Management FrameworkCommunication & ConsultationRecording & ReportingMonitoring & Review(ex: Internal & External Audit, Management Review, etc.)Monitoring & ReviewAPO12.01 EDM03.01APO12.02EDM03.02EDM03.02 APO12.04 EDM 03.03APO12.03APO12.05Integrated Risk Treatment Plan (RTP) (Included RCM-ICoFR-ITGC)Risk AssessmentRR CyberSec(Information & Cyber Security)RR OGB(Operation)RR DRA(Disruptive) Critical IT ServicesBusiness Continuity Strategy (BCS)Strategy Blueprint & RoadmapActivity Relocation, Resource Relocation /Reallocation, Alternate process, Temporary WorkaroundBusiness Continuity Plan (BCP)Exercise & Test ProcedureTabel Top Call Tree Specific Simulation/DR TestingBusiness Continuity Management SystemBusiness Impact AnalysisRisk AssessmentLaporan Tahunan %u2022 Annual Report 620HULU ENERGI