PT Ahli Web Internasional's Information Security Management System (ISMS) Policy establishes the framework for protecting the security of information and digital assets of the company and its customers.
1. Management Commitment
PT Ahli Web Internasional commits to:
- Protecting the confidentiality, integrity, and availability of information
- Complying with applicable information security requirements
- Continuously improving the information security management system
- Building a security culture throughout the organization
2. Scope
This policy applies to all information processed, stored, or transmitted by AhliWeb, including:
- Customer and business partner data
- Information technology infrastructure
- Managed systems and applications
- All employees, contractors, and partners with access to AhliWeb systems
3. Information Security Principles
AhliWeb applies the following information security principles:
- Confidentiality: Information is only accessible by authorized parties
- Integrity: Information accuracy is maintained and not modified without authorization
- Availability: Systems and information are available when needed by authorized users
- Authenticity: Identity of parties accessing systems can be verified
- Non-repudiation: Actions cannot be denied by the actor
4. Risk Management
AhliWeb conducts periodic risk assessments to identify, analyze, and evaluate information security risks. Identified risks are addressed through appropriate security controls.
5. Access Control
Access to systems and information is managed based on the principle of least privilege. Each user is only granted the access necessary to perform their duties.
6. Physical and Environmental Security
Physical infrastructure is housed in high-security data center facilities with physical access controls, cooling systems, and disaster protection.
7. Security Incident Management
AhliWeb has security incident handling procedures covering:
- Incident detection and reporting
- Incident response and recovery
- Root cause analysis and corrective actions
- Notification to affected parties
8. Compliance
AhliWeb complies with applicable information security regulations and standards, including Indonesia's Personal Data Protection Law (UU PDP) and international standard ISO/IEC 27001.
9. Training and Awareness
All AhliWeb personnel receive periodic information security training to ensure understanding and compliance with this policy.
10. Policy Review
This ISMS policy is reviewed and updated periodically, at least annually, or when significant changes occur in the business environment or security threats.
11. ISMS Contact
Questions about the ISMS policy: [email protected]