// 01 Our Commitment

Ethical Governance

WEGE is committed to conducting its business based on the principles of good governance and business ethics, complying with applicable laws and regulations, upholding anti-corruption and anti-bribery practices, integrating ESG into decision-making and risk management, and ensuring the implementation of the principles of transparency, accountability, responsibility, independence, and fairness to protect the interests of the company and all stakeholders.

Company Organizational Structure

Mahendra Vijaya
Lihat Profil
Mahendra Vijaya

President Director

Wahyu Hadi Prasetyo
Lihat Profil
Wahyu Hadi Prasetyo

Director of QHSE and Marketing

Rohandi
Lihat Profil
Rohandi

Director of Finance, Human Capital, and Risk Management

Tomo Dwi Hasputro W.
Lihat Profil
Tomo Dwi Hasputro W.

Director of Operations

Direktur Utama

Mahendra Vijaya

Sekretariat Perusahaan
Audit Internal
Direktorat Quality, Health, Safety, Enviroment dan Pemasaran
Wahyu Hadi Prasetyo
Direktur
Divisi Quality, Safety, Health & Environment
Divisi Supply Chain Management
Divisi Engineering
Divisi Marketing
Divisi Transformasi & Portofolio Sustainability
Direktorat Keuangan, Human Capital dan Manajemen Risiko
Rohandi
Direktur
Divisi Keuangan
Divisi Human Capital
Divisi Manajemen Risiko
Divisi Legal & Contract Manajemen
Direktorat Operasi
Tomo Dwi Hasputro W.
Direktur
Divisi Operasi dan Modular
Divisi Operasi dan Konsesi
Bambang Riswanda
Lihat Profil
Bambang Riswanda

President Commissioner

Alwandi Syam
Lihat Profil
Alwandi Syam

Commissioner

Danis Hidayat Sumadilaga
Lihat Profil
Danis Hidayat Sumadilaga

Commissioner

Joseph Prajogo
Lihat Profil
Joseph Prajogo

Independent Commissioner

Taufan Gestoro
Lihat Profil
Taufan Gestoro

Independent Commissioner

Independence Declaration
Independence Declaration
Independence Declaration
Independence Declaration
Independence Declaration
Independence Declaration

WEGE Policy on Operational Business Ethics

WIKA has established a Code of Conduct (CoC) to internalize values and business ethics, as well as to ensure ethical interactions with various stakeholders, as part of the implementation of Good Corporate Governance (GCG).

Code of Ethics and Conduct
Code of Ethics and Conduct
Corporate Governance Guidelines
Corporate Governance Guidelines
Board Diversity

The Company believes that the diversity of the Board of Commissioners and Directors is the most important element to strengthen the effectiveness of governance, quality of supervision, and accuracy of strategic decision making. Such diversity is not only viewed in terms of representation, but also from a balance of competencies, experiences, and perspectives needed to support long-term technical resilience, especially in facing the dynamics of the construction and infrastructure industry. The commitment to board diversity is set forth in the following Board Diversity Policy.

THE IMPORTANCE OF BOARD DIVERSITY

Diversity is not only viewed in terms of representation, but also a balance of competencies, experiences, and perspectives needed to support long-term business resilience, especially in facing the dynamics of the construction and infrastructure industry.

IMPLEMENTATION OF GOOD CORPORATE GOVERNANCE (GCG)

The Company consistently ensures that the Board composition reflects an adequate combination of educational background, professional experience, and expertise relevant to business needs, including risk management, compliance, and strengthening the sustainability agenda.

TRANSPARENT DISCLOSURE

The disclosure of the profile and diversity of the Board of Commissioners and Directors is delivered transparently in the 2025 Annual Report, covering race, gender, religion, educational background, experience, and expertise.

CONTINUOUS COMMITMENT

The Company is committed to maintaining accountability and openness of information as a form of responsibility to stakeholders and to continuously strengthen the effectiveness of the Board in supporting the performance and sustainability of the Company.

Corporate Governance

// A·04 — UNGC MEMBERSHIP

UNGC Membership

PT Wijaya Karya (Persero) Tbk. is a participant of the United Nations Global Compact (UNGC) and is committed to implementing the UNGC's Ten Principles, which cover human rights, labour, the environment, and anti-corruption, as an integral part of its sustainable business practices. As a subsidiary of PT Wijaya Karya (Persero) Tbk., PT Wijaya Karya Bangunan Gedung Tbk. is also committed to upholding the UNGC Principles through the implementation of Good Corporate Governance (GCG), compliance with applicable laws and regulations, the protection of human rights and labour rights, environmental stewardship, and the promotion of an anti-corruption culture across all of its operational activities. The Company also continues to integrate sustainability principles into its policies and business processes to ensure responsible, ethical, and internationally aligned business practices. This commitment forms part of the Company's efforts to create long-term value for all stakeholders while contributing to sustainable development.

PT. Wijaya Karya (Persero) Tbk. is an active participant of the United Nations Global Compact (UNGC).

// A·05 — ENVIRONMENTAL SATISFACTION SURVEY

Environmental Satisfaction Survey

Gambar Survei
Gambar Survei
Gambar Survei
Gambar Survei
Gambar Survei

WIKA Gedung Conducts Environmental Satisfaction Survey at Asset Locations

As part of its commitment to sustainable operations and community engagement, WIKA Gedung conducted the 2026 Environmental Satisfaction Survey (ESS) to assess public perceptions of environmental management and the company’s operational interactions. The survey was carried out at four main concession locations: Tera Apartment Bandung, Favehotel Karawang, De Braga Artotel Bandung, and Mahogany Apartment Karawang.

The survey was conducted as a self-assessment by WIKA Gedung using structured questionnaires, ensuring that measurements were carried out systematically and consistently. Respondents included local residents, merchants, facility managers, and stakeholders who have direct interaction with the company’s operations.

Survey Results: Very High Community Satisfaction

The survey results show an Environmental Satisfaction Index (ESI) score of 80.49, categorized as “Very Satisfied.” The highest-scoring indicators were Employee Attitude & Behavior and Active Role in Maintaining Cleanliness, Health, Security, and Safety, reflecting employee professionalism and the company’s commitment to a safe and comfortable environment.

Other indicators, including Participation in Social Activities, Harmonious Community Relations, and Responsiveness to Stakeholders, also received high scores, indicating that the company’s interaction with the community is positive and responsive.

Several indicators, such as Economic Benefits and the Quality of Program Assistance, while still categorized as very satisfactory, present opportunities for the company to further enhance program effectiveness and the social impact experienced by the community.

WIKA Gedung’s Commitment to Continuous Improvement

Based on the survey results, WIKA Gedung will strengthen community development programs, improve the quality of facilities and the environment, expand community interaction and participation, and focus attention on areas with lower scores. This survey also serves as a foundation for aligning environmental management and community empowerment programs with the Sustainable Development Goals (SDGs).

The 2026 ESS results provide an objective and comprehensive overview of public perception of WIKA Gedung’s performance, while also serving as a strategic foundation for sustainable program planning, facility development, and strengthening harmonious relationships between the company and surrounding communities.

// A·01 — ESG GOVERNANCE OVERSIGHT

ESG Governance Oversight

Board of Directors Decree
Board of Directors Decree
ESG Committee Organizational Structure
ESG Committee Organizational Structure
// A·02 — MATERIALITY ASSESSMENT

Materiality Assessment

WEGE 2025 material topics are determined based on significant impacts on social environment, as well as financial and strategic implications for the sustainability of the Company.

2024 Focus

WEGE 2024 material topics focused on key operational issues in building construction, including waste management, energy, emissions, materials, water, biodiversity, OHS, HR, community relations, as well as privacy and service.

2024 Materiality Approach

The 2024 materiality approach emphasized the significance of direct impacts on environment, workforce, community, as well as compliance with applicable regulations and standards.

2025 Approach

Entering 2025, WEGE sharpened and deepened its materiality approach by adopting the double materiality concept. This change does not eliminate the substance of previous topics, but enhances perspective and analytical framework from financial risk and opportunity, including its implications for project resilience, financial performance, reputation and long-term value creation of the Company.

Climate Change (Transition & Physical Risk)

Prioritized because climate change directly affects project feasibility, execution schedule, and worker safety. Climate risk is seen as a strategic business risk, not just an environmental issue.

Energy & Greenhouse Gas Emissions

A key topic because energy consumption and GHG emissions are directly related to project cost efficiency, client demands for green buildings, and WEGE readiness for the transition to low-carbon construction.

Occupational Health & Safety (OHS)

A primary topic because workplace safety is absolute in the construction industry. A strong OHS management system is a prerequisite for meeting regulatory standards and client expectations.

Construction Materials & Resource Efficiency

Materials are the largest cost and environmental impact component in construction. Price volatility, supply, and demand for eco-friendly materials make this topic highly relevant financially and operationally.

Integrated Risk Management, Compliance & Data Privacy

A crucial topic to ensure organizational resilience, regulatory compliance, information system reliability, and stakeholder and business partner trust.

// A·03 — BUSINESS ETHICS

Business Ethics

In realizing a sustainable business, WEGE is committed to continuous innovation, value creation, and ensuring product and service quality.

The Company also places social and environmental aspects as essential parts of operations. Consistency in implementing good corporate governance and business ethics becomes the foundation for building strong relationships with all stakeholders — from work partners, vendors, project owners, to end users.

Through aligned collaboration, the company and stakeholders can form a more environmentally-friendly and sustainable business chain.

Business Ethics
Business Partners

Building mutually beneficial and sustainable cooperation.

Vendors

Establishing partnerships with integrity and meeting company standards.

Project Owners

Providing the best solutions with quality and timeliness.

End Users

Prioritizing satisfaction, safety, and long-term value.

Community & Environment

Actively participating in environmental preservation and providing benefits to society.

Supply Chain Management

// A·03 — VENDOR SUSTAINABILITY COMPLIANCE STANDARDS

Vendor Sustainability Compliance Standards

As part of its efforts to build a responsible, compliant, and sustainable supply chain, PT Wijaya Karya Bangunan Gedung Tbk. (WEGE) is committed to ensuring that all procurement processes are carried out transparently, objectively, and with integrity through the implementation of integrity pacts/OHS&E (Occupational Health, Safety, and Environment) requirements, as well as due diligence mechanisms for prospective vendors as a form of compliance with ESG and sustainability aspects established by the Company. WEGE also promotes the integration of Environmental, Social, and Governance (ESG) aspects in the supplier selection and evaluation process from the early stages of engagement.

In line with this commitment, WEGE periodically reviews its purchasing practices and procurement processes to ensure their alignment with the principles set out in the Company’s Supplier Code of Conduct Policy. This review is conducted to ensure that procurement practices do not conflict with applicable ESG requirements, including legal compliance, occupational health and safety, environmental protection, business ethics, and social responsibility within the supply chain.

Through this review, the Company is able to identify potential risks and non-conformities in its relationships with suppliers, while also making improvements to selection mechanisms, contractual requirements, and vendor monitoring processes where necessary.

// A·04 — PENGUATAN KAPASITAS PEMASOK

Supplier Capacity Building

PT Wijaya Karya Bangunan Gedung Tbk. (WEGE) regularly conducts ESG socialization programs for its partners through vendor gathering forums and dissemination activities on ISO 20400:2017 standards on Sustainable Procurement. This initiative aims to enhance suppliers’ understanding and capacity in implementing sustainability principles, while also ensuring the alignment of supply chain practices with the Company’s ESG policies and standards.

// A·01 — SUPPLIER CODE OF CONDUCT

Supplier Code of Conduct

PT Wijaya Karya Gedung Tbk. (WEGE) is committed to implementing ESG principles in its procurement processes by adopting a Supplier Code of Conduct (CoC) policy as the primary foundation to ensure that all business partners carry out practices aligned with sustainability principles and good governance. This policy serves as a mandatory guideline that regulates supplier conduct across the three main ESG aspects, namely environmental, social, and governance.

Compliance with this CoC is an integral part of the contractual requirements for all business partners. If any non-compliance is identified during the contract period, WEGE implements a Corrective Action Plan (CAP) mechanism with measurable timelines for improvement, as part of its commitment to continuous improvement within the supply chain.

// A·02 — SUSTAINABLE SUPPLIER EVALUATION

Sustainable Supplier Evaluation

PT Wijaya Karya Gedung Tbk. (WEGE) has implemented an integrated vendor assessment and development mechanism through WIKA Holding's Vendor Management System (VMS) platform, called WISE. All prospective vendors intending to collaborate with WEGE are required to go through the registration process in this system, including fulfilling the Contractor Quality and Safety Management System (CQSMS) requirements as part of the qualifications in the tender process.

Data and documents submitted by vendors through WISE are then verified by the WEGE Supply Chain Management team using a desk assessment method, focusing on the completeness and compliance of the documents, including ESG aspects. In addition, WEGE also conducts periodic on-site assessments through the Project Evaluation Committee (KEP), consisting of internal company representatives, to ensure implementation in the field, particularly concerning HSE aspects and 5R practices in project execution.

Risk Management

// A·01 — RISK MANAGEMENT WIKA GEDUNG

Risk Management Wika Gedung

Risk management at PT Wijaya Karya Bangunan Gedung Tbk is implemented in an integrated manner across all levels of the organization using a three-lines-of-defense approach. The Board of Commissioners oversees the effectiveness of risk management implementation, while the Board of Directors is responsible for establishing company policies, strategies, and risk tolerance limits. Technical implementation is coordinated by the risk management unit, which regularly identifies, analyzes, and monitors risks. At the operational level, the project unit is at the forefront of managing risks in the field, supported by control functions such as OHS, quality, and compliance to ensure all processes meet standards. Furthermore, internal audit conducts independent evaluations to ensure the risk management system is effective and provides recommendations for continuous improvement.

Wika Gedung Risk Management

Risk management at WIKA Gedung/WEGE employs the Three Lines Model to ensure the effectiveness of risk management, namely: First Line: Business Units, as the risk holders, are responsible for identifying, assessing, and controlling risks in operational activities. Second Line: The Risk Management and Corporate Compliance Function, which supports and validates the risk assessments and mitigation plans developed by the Business Units. Third Line: The Internal Audit Unit, acting as an independent party to ensure the effectiveness of risk management implementation by the first and second lines.

Wika Gedung Risk Management
// A·02 — THREE LINES MODEL RISK MANAGEMENT FRAMEWORK

Three Lines Model Risk Management Framework

Three-Line Model Risk Management Framework

Three Lines Model of Risk Management

The three lines risk governance model (three lines model) at PT Wijaya Karya Bangunan Gedung Tbk illustrates a clear division of roles in risk management throughout the organization. At the highest level, the Board of Commissioners/Supervisory Board together with the Board of Directors have the responsibility to direct and oversee the implementation of risk management to ensure it runs effectively.

  • The first line, namely the work unit or project, acts as the risk owner who directly identifies, manages, and controls risks in daily operational activities. This line serves as the vanguard because risks arise from the business processes being executed.

  • The second line is the independent risk management and compliance function. Its role is to ensure that existing risks have been properly measured, monitored, and controlled, as well as to develop the risk management methodology and policies applied throughout the company.

  • The third line is the internal audit function tasked with conducting an independent evaluation of the entire risk control and governance system. This line ensures that the implementation of risk management within the company is running effectively and provides recommendations for improvement if necessary.

// A·03 — RISK CRITERIA FRAMEWORK

Risk Criteria Framework

The ISO 31000-based risk management framework focuses on value creation and protection as its main objective. In its application, risk management is based on several main principles such as being integrated, comprehensive, customized, inclusive, dynamic, based on the best available information, considering human and cultural factors, and implemented continuously (continual improvement).

The risk management framework covers the stages of design, implementation, evaluation, and improvement that are mutually integrated into the organizational system. This ensures that risk management does not stand alone, but rather becomes part of the company's entire business process.

Overall, this model shows that risk management is a systematic, structured, and continuously developing process to support decision-making as well as maintain the sustainability and value of the organization.

Risk Criteria Framework
// A·04 — RISK IMPLEMENTATION STRATEGY

Risk Implementation Strategy

Risk Management System Based on ISO 31000:2018

WEGE consistently implements a risk management system based on ISO 31000:2018 in an integrated manner across all business units and organizational levels. This system includes establishing the context, risk identification, analysis, evaluation, treatment, monitoring, and continuous risk reporting.

  • Leadership and Commitment
  • Risk Context Implementation
  • Proportionate Risk Management
  • Continuous Improvement
Strengthening Risk Management Implementation

WEGE continuously strengthens the quality and effectiveness of risk management by referring to:

Minister of State-Owned Enterprises (SOE) Regulation No. 2 of 2023 concerning the implementation of corporate governance and risk management in State-Owned Enterprises (SOEs).

Strengthening efforts are carried out through the implementation of the Risk Maturity Index (RMI) as a tool to measure the maturity level of risk management.

Objectives of Strengthening

To enhance the quality, effectiveness, and maturity of risk management in order to support the sustainable achievement of the company’s objectives and create value for all stakeholders.

// A·05 — RISK MANAGEMENT AUDIT

Risk Management Audit

Risk Management Audit is an independent and objective evaluation process to assess the adequacy and effectiveness of risk management implementation across all levels of the organization. This audit is integrated with the Internal Audit (IA) function and is also used to evaluate the level of risk management maturity through the Risk Maturity Index (RMI). Monitoring and evaluation are conducted to ensure that risks remain within the established risk appetite. This is achieved through reviews of the risk management process by internal auditors and risk management audit meetings held once a year across all WIKA Gedung corporate functions and projects.

AUDIT SCOPE

Risk Governance & Risk Culture
Risk Planning & Strategy
Risk Management Process
Risk Information System & Reporting
Integration with Performance & Projects

BASIS OF IMPLEMENTATION

  • ISO 31000 :2018 - Risk Management Guidelines
  • PER BUMN Number 2 of 2023 – Guidelines for Corporate Governance and Significant Corporate Activities of State-Owned Enterprises
  • Risk Management Policy and Internal Company Procedures

Benefits

Enhancing the effectiveness of risk management and the achievement of strategic objectives
Strengthening governance and compliance with regulations
Enhancing stakeholder trust
Encouraging a proactive and sustainable risk culture

The audit mechanism for the implementation of risk management at WEGE has been carried out through both internal and external audits.

Internal audits are conducted by the Internal Audit function to ensure the effectiveness of the implementation of risk management processes within the Company. Meanwhile, external audits are conducted periodically on an annual basis by external parties, as well as through the ISO 30001 recertification process every three years.

In addition, in 2025 WEGE also conducted a Risk Maturity Index (RMI) assessment by WIKA Holding, achieving a score of 2.1, which indicates that the Company’s risk management maturity level is in the developing stage.

Infografis Mekanisme Audit
Perolehan Skor
2.1
Developing

Risk Training

Risk management training is conducted to enhance the understanding, competence, and awareness of all company personnel regarding the importance of implementing risk management. Through this training, the Company ensures that each work unit is capable of effectively identifying, controlling, and mitigating risks in order to support the achievement of corporate objectives and strengthen sustainable governance. In accordance with PERMEN BUMN No. 2, risk management personnel at WEGE are enrolled in external risk certification programs. For WEGE employees, the Company periodically conducts awareness training related to risk management through webinars at least once a year by inviting external speakers. In addition, risk management sharing sessions are held regularly with project managers or division VPs as speakers.

No. ORGAN NAMA JABATAN RI SERTIFIKASI PENGELOLA RISIKO PELATIHAN 2026 (JAM)
RA RI
1
BOARD OF COMMISSIONERS/SUPERVISORY BOARD
JOSEPH PRAJOGO INDEPENDENT COMMISSIONER CONCURRENTLY SERVING AS ACTING PRESIDENT COMMISSIONER Sep-24 20 24
TAUFAN GESTORO INDEPENDENT COMMISSIONER Sep-24 20 24
SULI FATIMAH COMMISSIONER Agust-25 20 18
DANIS HIDAYAT SUMADILAGA COMMISSIONER Dec-25 20 8
2
AUDIT COMMITTEE
JOSEPH PRAJOGO HEAD OF AUDIT AND RISK MANAGEMENT EXPERT TEAM Sep-24 20 24
TAUFAN GESTORO MEMBER OF AUDIT AND RISK MANAGEMENT EXPERT TEAM Sep-24 20 16
DARAWATI MEMBER OF AUDIT AND RISK MANAGEMENT EXPERT TEAM - INDEPENDENT PARTY May-25 20 18
3
RISK OVERSIGHT COMMITTEE
JOSEPH PRAJOGO HEAD OF RISK AND INTEGRATION COMMITTEE AND INTEGRATED GOVERNANCE Sep-24 20 24
DANIS HIDAYAT SUMADILAGA INTEGRATED GOVERNANCE COMMITTEE AND INTEGRATION MANAGEMENT TEAM MEMBER Dec-25 20 18
DEVRI SETYAWAN AUDIT COMMITTEE SECRETARY Mei (Pelatihan) 20 18
4
BOARD OF DIRECTORS
BAGUS TRI SETYANA DIRECTOR Jun-25 40 18
DWI PURNOMO DIRECTOR Jun-25 40 18
HADIAN PRAMUDITA DIRECTOR Des-25 (Pelatihan) 40 16
TOMO DWIHASPUTRO W. DIRECTOR Des-25 (Pelatihan) 40 18
5
FINANCE DIRECTOR IN CHARGE OF FINANCIAL MANAGEMENT
HARTANTO KARTI RAHARJO DIRECTOR Dec-24 40 16
6
RISK MANAGEMENT DEPARTMENT
SIGIT HERLAMBANG VP - PMO AND RISK MANAGEMENT DIVISION Nov-24 20 32
DEWI DESTRIANA DAULANY MANAGER OF PMO OPERATION DEPT Dec-25 (Pelatihan) 20 24
ARI NURFITA MANAGER OF RISK MANAGEMENT DEPT Oct-25 20 48
NILAM TANTRI STAFF OF RISK MANAGEMENT DEPT Dec-22 20 32
SUHARNO STAFF OF RISK MANAGEMENT DEPT Dec-24 20 24
JEMI RIZKI STAFF OF RISK MANAGEMENT DEPT Nov-22 20 32
ERPIN MEILANI STAFF OF RISK MANAGEMENT DEPT Jan-23 20 24
7
GENERAL AFFAIRS AND COMPLIANCE UNIT
ANDI SUGIARTO INTERNAL AUDIT Mei-25 (Pelatihan) 40 34
ARDI NOVIANTO HEAD OF AUDITOR Sep-22 20 8
NOOR PRIHARTANTO HEAD OF AUDITOR Sept-25 20 64
BOPRIARI KUSUMAWIJAYA HEAD OF AUDITOR Dec-25 20 80
// A·06 — EMERGING RISK

Emerging Risk

Definition of Emerging Risks

WEGE recognizes that the transformation of the construction industry toward more sustainable practices brings about new risk dynamics that are complex and multidimensional. In the context of Environmental, Social, and Governance (ESG), the Company identifies various emerging risks that have the potential to affect business sustainability, operational performance, financial stability, as well as corporate reputation in the medium to long term. Within the ESG context, these risks not only impact financial aspects but also influence competitiveness, access to funding, social license to operate, and the resilience of the Company’s business model. Therefore, ESG risk management is positioned as an integral part of WEGE’s sustainability strategy and growth direction.

Impact & Mitigation of Emerging Risks
NO RISIKO KATEGORI RISIKO DAMPAK MITIGASI RISIKO
1 Changes in consumer preferences regarding project types and financing schemes may affect the Company’s ability to secure new contracts. Market dan Macroeconomics

A decline in contract acquisition value and the potential reduction in revenue contribution from the marketing sector.

The Company focuses its marketing strategy on market segments with stable funding, particularly projects financed by the state budget (APBN) and state-owned enterprises (SOEs), while improving supply chain effectiveness through collaboration with competitively priced vendors to enhance competitiveness in tender processes.
2 The increasing demand from customers for innovative, digital, and cost-efficient construction services may impact the Company’s competitiveness in the market. Strategic Risk / Market Risk
  1. A decline in prospective customers’ interest in the Company’s services.

  2. Reduced opportunities to win tenders or secure new contracts.

  3. The potential loss of market share to more adaptive competitors.

  4. A decline in the achievement of revenue targets from the marketing sector.

The Company conducts periodic monitoring of market trends and customer needs, develops relevant service innovations, strengthens digital marketing strategies through corporate communication channels, and enhances marketing team competencies through training and industry benchmarking.
3 The growing preference of project owners for contractors that can deliver integrated services, such as Design & Build or EPC. Strategic Risk

The Company may be at risk of not being selected in tender processes if it solely offers conventional construction services.

The Company develops Design & Build service models and reinforces strategic partnerships with design consultants to enhance its capability to deliver integrated construction services.
4 Increasing the adoption of green building and sustainable construction concepts in projects. Strategic Risk

A potential loss of project opportunities due to the requirement to meet environmental standards and green building certifications.

The Company strengthens its competencies in green construction, advances environmentally friendly construction technologies, and enhances capabilities through certification and competency development in sustainable building standards.
5 Issues arising from past projects may impact the perception and trust of prospective clients toward the Company. Reputational Risk

Decreased trust from project owners and reduced opportunities to obtain new contracts.

The Company enhances corporate communication, improves project information transparency, promotes positive project performance achievements, and continuously improves service quality for project owners.

Information Technology Security

// A·01 — BUSSINESS INFORMATION SYSTEM CYBER SECURITY STRUCTURE

Bussiness Information System Cyber Security Structure

The Information Security Governance Structure is led by the Information Security Committee, supported by the IT Steering Committee, to ensure that information security aligns with the company's business objectives. The CISO oversees information security policies, risk management, compliance, system development, security operations, infrastructure, and business continuity. The structure is further supported by operational, facility, security, and human capital functions to maintain a secure, efficient, and sustainable business environment.

Manajemen Teknologi Informasi
// A·02 — INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) TRAINING

Information Security Management System (ISMS) Training

Gambar Survei
Gambar Survei
Gambar Survei

The Information Security Management System (ISMS) Training aims to enhance knowledge, skills, and awareness in managing information security in accordance with the Company's policies. The program covers a range of key topics, including the principles of information security, risk identification and assessment, implementation of security controls, incident management, information security governance, the roles and responsibilities of the Board of Directors and the Board of Commissioners in overseeing ISMS implementation, as well as compliance with applicable laws, regulations, and relevant standards.

The discussion on the Board of Directors and the Board of Commissioners focuses on their strategic roles in establishing information security policies, ensuring the availability of adequate resources, overseeing the effectiveness of ISMS implementation, evaluating information security risks, and fostering an information security culture throughout the organization as part of the implementation of good corporate governance.

Through this training, participants are expected to strengthen their ability to safeguard the confidentiality, integrity, and availability of information, understand the roles of all organizational levels—including the Board of Directors and the Board of Commissioners—in supporting ISMS implementation, and contribute to the Company's commitment to effective information security governance, optimal risk management, regulatory compliance, and continual improvement.

// A·03 — INFORMATION TECHNOLOGY SECURITY POLICY

Information Technology Security Policy

DEFINITION

WEGE implements the ISO 27001 Information Security Management System (ISMS) policy to maintain the confidentiality of employee health information. All health data is used solely for occupational health monitoring and management, and not for any other purpose without the consent of the individual concerned.

Information Technology Security Policy
// A·04 — REPORTING ON BREACHES

Reporting on Breaches

Throughout the period up to 2025, WIKA Gedung has successfully maintained a zero-incident record with no information security breaches or data leaks. We have also recorded no IT incidents resulting in material financial losses. This achievement is a tangible manifestation of precision in security controls and the resilience of the company's digital infrastructure.

// A·06 — INFORMATION TECHNOLOGY SECURITY PROGRAM

Information Technology Security Program

Proses Risiko Keamanan TI

The infographic depicts a systematic framework for managing Information Technology (IT) Security Risk across five main stages. The process begins with Risk Identification, covering the recognition of potential cyber threats, system vulnerabilities, human error, and third-party risks.

Next, Assessment and Testing is conducted through periodic vulnerability assessments and penetration testing to ensure the effectiveness of the implemented controls. The following stage is Monitoring and Detection — continuous system monitoring to identify abnormal activity or anomalies in real-time.

As part of strengthening governance, internal and external Audit and Evaluation is performed against ISO 27001 and other reference standards such as ISO 20000-1. The final stage is Response and Reporting, which governs incident handling mechanisms through standard operating procedures (SOPs) to ensure swift, accurate, and well-documented response.

Management Approach

  • Periodic security assessments (vulnerability & penetration testing)

  • Real-time system monitoring & anomaly detection

  • Information security audits and certifications (ISO 27001, ISO 20000-1)

  • Structured SOP for incident reporting

// A·05 — INTEGRATED MANAGEMENT PROCESS

Integrated Management Process

The Integrated IT Governance and Digital Control Framework is designed to ensure effective, secure, and business-aligned management of information technology. RJPP, RSTI, RKAP, and Risk Management (MR) serve as strategic foundations directing all IT policies, planning, and program implementation in line with the company's long-term goals.

At the strategic operational level, the Digital Control Tower functions as a centralized command center that integrates monitoring, analyze, respond, report, and optimize functions. This approach is supported by the synergy between people, process, technology, and governance to ensure control effectiveness and system resilience.

Engagement of internal and external stakeholders is demonstrated through two-way communication mechanisms covering needs, inputs, evaluations, and feedback — reflecting the principles of transparency, accountability, and collaboration in IT governance. The Management System Functions include strategic units such as Information Technology, Human Capital, Corporate Secretary, Finance, Supply Chain Management (SCM), and Legal — acting as enablers in policy implementation and integrated system-based operations.

Overall, this framework reflects the adoption of international best-practice IT governance, aimed at improving service reliability, strengthening information security, ensuring regulatory compliance, and supporting sustainable business growth.

  • As the main foundation, IT Governance is built on compliance with ISMS (Information Security Management System) and ISMS-Service (Information Service Management System)

Diagram IT Governance
// A·06 — INFORMATION TECHNOLOGY SECURITY PROGRAM

Information Technology Security Program

Program Keamanan TI

To safeguard the company's digital resilience, the company runs a range of programs specifically designed to strengthen information security and ensure that technology services run without disruption.

The company proactively identifies and manages various information security risks — from cyber threats and system vulnerabilities to operational risks from third parties — through vulnerability analysis and both internal and external audits.

This mitigation approach is an essential basis for maintaining service continuity and the company's readiness in the face of disruptions, while ensuring recovery can be conducted swiftly and in a controlled manner aligned with the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).

// A·07 — CULTURE REINFORCEMENT

Culture Reinforcement

The company consistently builds and reinforces an information security culture as the foundation for operational reliability and protection of digital assets. This is pursued through continuous education programs to raise awareness and understanding among all employees about the importance of data security. Initiatives such as mandatory training, e-learning modules, and cyber attack simulations (e.g. phishing tests) are deployed to enhance vigilance against potential digital threats. The company also ensures that policies, system usage guidelines, and data governance are routinely socialized to drive consistent security behavior across all organizational lines. Through this approach, the company is committed to creating a work environment that is safe, adaptive, and resilient to information security risks.

Responsible Artificial Intelligence

// A·01 — RESPONSIBLE ARTIFICIAL INTELLIGENCE POLICY

Responsible Artificial Intelligence Policy

Artificial Intelligence Usage Policy

The Company establishes an Artificial Intelligence (AI) Usage Policy as a guideline for the responsible, secure, and well-governed utilization of AI technology. This policy aims to ensure that the use of AI supports the enhancement of operational efficiency, the quality of decision-making, and business innovation, while upholding ethical standards, information security, and compliance with applicable regulations.

In its implementation, the use of AI must adhere to the principles of transparency, accountability, and data protection, including safeguarding information confidentiality and preventing potential misuse or bias in analytical outcomes. The Company also ensures that all AI utilization is conducted in a controlled manner through proper evaluation processes, oversight, and risk management.

// A·02 — AI PLATFORM MAPPING

AI Platform Mapping

AI Platform Mapping
AI Platform Mapping

The implementation of AI at PT Wijaya Karya Bangunan Gedung Tbk (WEGE) is most effectively executed through a multi-platform AI approach, supported by a structured AI governance framework. Microsoft Copilot is recommended to enhance productivity and collaborative workflows, ChatGPT Enterprise serves for corporate knowledge management and as a digital assistant, Claude Enterprise supports contract and complex document analysis, Gemini Enterprise is used for multimodal research and analytics, and Azure OpenAI Service provides the foundation for developing integrated Enterprise Intelligence linked with ERP, BIM, and other digital systems.

To ensure reliability and accountability in AI deployment, WEGE has established mechanisms for periodic model performance monitoring to detect and correct potential drifts or quality degradation over time. This includes evaluating output accuracy, validating data, re-testing models, implementing human-in-the-loop procedures, and updating systems according to evolving business needs and operational data. Furthermore, each AI model undergoes routine assessments for fairness and bias, ensuring that AI outputs do not produce discrimination, decision-making disparities, or non-objective recommendations in business processes, human capital management, procurement, or project management.

WEGE also measures the impact of AI implementation on sustainability performance through quantifiable indicators such as improved operational efficiency, reduced paper usage, decreased administrative errors, optimized design and materials via BIM, reduced rework, energy efficiency, and contributions to emissions reduction through more digitalized and integrated workflows. Through this approach, WEGE can optimally leverage the strengths of each AI platform to enhance productivity, strengthen knowledge management, support governance and compliance, drive innovation, and build safe, fair, and measurable Construction Intelligence capabilities that underpin the company’s digital transformation and future competitiveness.

// A·03 — RESPONSIBLE AI PROGRAM

Responsible AI Program

As part of its ESG commitment, WEGE has implemented the Responsible AI Programme to ensure that artificial intelligence technology is used ethically, safely, transparently and sustainably. The programme integrates governance principles, risk management, data protection, human oversight, and social and environmental impact evaluations into the entire AI lifecycle. This approach enables WEGE to promote responsible digital innovation, strengthen stakeholder trust, and support the creation of business value and long-term sustainability.