ANTAM is committed to implementing Information and Communication Technology (ICT) Governance in accordance with GCG principles. The implementation of ICT Governance in the company has been started since 2011. The formulation of the strategy for developing information and communication technology at ANTAM refers to the Minister of SOE Regulation No. PER-02/MBU/2013 which is enhanced by the Minister of SOE Regulation No. PER-03/MBU/02/2018 regarding guidelines for the preparation of SOE information technology management.
To support its implementation, ANTAM has developed a policy that forms the basis for all processes in the ICT management domain. ANTAM has an ICT Governance Policy based on the Decree of the Board of Directors No. 231.K/0911/DAT/2022 which is equipped with ICT Service and Security Quality Standards. This policy instrument is in line with the Mining Industry Holding Information Technology Strategic Guidelines (MIND ID) and refers to several best practices and management systems such as COBIT, ITIL, ISO 20000-1:2018, and ISO 27001:2013.
To ensure that ICT Governance at ANTAM is carried out properly and to ensure alignment and coordination between the business side (ICT service users) and managers (ICT Division), an ICT Steering Committee or ICT Steering Committee was formed which consists of the Board of Directors, Head of Division/Unit/Business Unit, and Management of the ICT Division. In addition, as an effort to ensure the effectiveness of the implementation of ICT Governance related to ICT service and security quality, ANTAM establishes general rules as follows:
- The company implements strategies and controls according to ISO 27001:2013 and ISO 20000-1:2018 standards and related regulations to ensure ICT service and security quality.
- All ANTAM Personnel and related external parties must comply with standard policies and procedures related to information security and ICT services, and always strive to increase awareness and understanding of ICT service and security quality standards.
- All important information that is managed and stored in electronic documents or printed documents must be protected against possible damage, misuse, and access by the authorities, and must be protected from threats to confidentiality, integrity, and/or its availability.
- All information security vulnerabilities or incidents that occur in the provision of ICT services must be reported to the ICT Division so that they can be followed up as soon as possible.
- The company is committed to always improving the quality of information security and ICT services through consistent monitoring, reporting, and review activities accompanied by continuous improvement.
