Privacy Policy
INTRODUCTION
The critical value of information often necessitates restricted access to certain individuals. Unauthorized disclosure of information to external parties (e.g., business competitors) may result in losses for the information owner. Such valuable information is a significant asset for the company.
For example, many pieces of information within an organization are restricted to specific individuals. This includes information about products under development, techniques, and activities conducted to produce these products or services. Therefore, the security of the utilized information system must be assured within acceptable limits.
The purpose of the information security policy is to provide direction and support for information security management. Senior management establishes a clear policy direction and demonstrates support and commitment to information security through the implementation and maintenance of an information security policy throughout PT. Adi Data Informatika ("Company").
The Company's Information Security Policy covers:
- Organizational Aspect of Information Security Controls
- Human Resource Aspect of Information Security Controls
- Physical and Environmental Aspect of Information Security Controls
- Technological Aspect of Information Security Controls
DEFINITIONS
- Information Security Management System (ISMS) is part of the overall organizational management system for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving Information Security using a Risk-based approach to achieve Adi Data Informatika's vision and mission.
- Access refers to the act of obtaining information assets.
- Information and Communication Technology (ICT) refers to all activities related to processing, managing, delivering, or transferring information between facilities or media.
- Backup is a duplicate copy of data or an entire dataset stored in a separate storage medium.
- Business Continuity Management refers to mechanisms that regulate and ensure actions are taken when information technology activities face disruptions or disasters, ensuring that business processes continue and services remain uninterrupted.
- Business Continuity Plan is a designed disaster recovery strategy.
- Encryption is a data encoding method that prevents computers from reading or using data without proper authorization.
- Information Processing Facilities include systems, services, infrastructure, or physical locations that process information.
- Access Rights refer to permissions granted to obtain Information Assets.
- Information encompasses descriptions, statements, ideas, and signs containing value, meaning, and messages, whether in the form of data, facts, or explanations, presented in various formats and media, both electronic and non-electronic.
- Electronic Information refers to one or a set of electronic data, including but not limited to writings, sounds, images, maps, designs, photos, Electronic Data Interchange (EDI), emails, telegrams, telex, telecopy, letters, signs, numbers, access codes, symbols, or processed perforations that have meaning or can be understood by capable individuals.
- Cryptography is a technique that transforms data into a form different from the original using mathematical algorithms, making it inaccessible to unauthorized parties.
- External Parties are entities other than Adi Data Informatika personnel.
- Third Parties include all external elements beyond Adi Data Informatika's ICT users, such as consultants, communication service providers, suppliers, and information processing device maintainers, as well as other ministries/agencies.
- Risk refers to events or conditions that may have positive or negative impacts on achieving Adi Data Informatika's objectives.
- Information Security Risk involves events or conditions that may impact the confidentiality, integrity, and availability of Information Assets, affecting the achievement of Adi Data Informatika's vision and mission.
- Storage media refers to portable devices that can be connected to and detached from computers without damaging the stored data.
- Restore is the process of recovering backup data.
- Electronic System comprises electronic devices and procedures used to prepare, collect, process, analyze, store, display, announce, transmit, and/or distribute Electronic Information.
- Information System is an integrated component system consisting of institutions, human resources, hardware, software, data substance, and related information working together to manage data and information.
- Information Security Management System (ISMS) is a specialized management system for public service electronic system providers.
- Remote working refers to activities performed by Adi Data Informatika personnel working from locations outside the company's premises without internal network access, using communication technologies to obtain access levels equivalent to working on-site.
- User Acceptance Test (UAT) is the acceptance test of a developed or built application conducted by assigning the application developer, quality control implementer, and application users.
- Assets refer to everything valuable to Adi Data Informatika and thus require protection.
- Data Center is a facility used for placing electronic systems and related components for data placement, storage, processing, and recovery.
- Senior Management refers to the Head managing government affairs at Adi Data Informatika.
CLOSING
The information security policy within Adi Data Informatika is established as a guideline to protect Adi Data Informatika's information assets from various internal and external threats, aiming to ensure the confidentiality, integrity, and availability of information assets.
Technical and specific matters not regulated in this information security policy will be specifically addressed in the guideline book or can be directly implemented according to standard operating procedures.