This Information Security Management System (ISMS) Policy reflects PT Ahli Web Internasional's commitment to protecting client and organizational information assets.
1. Objective
AhliWeb is committed to protecting the confidentiality, integrity, and availability of information entrusted to us by clients, aligned with ISO/IEC 27001 standards.
2. Scope
This policy applies to all employees, contractors, and third parties with access to AhliWeb systems and data.
3. Security Principles
- Confidentiality: Information accessible only to authorized parties
- Integrity: Information protected from unauthorized modification
- Availability: Information and systems available when needed
4. Risk Management
We perform periodic information security risk assessments and apply appropriate controls to mitigate identified risks.
5. Access Control
Access to systems and information is granted on a least-privilege basis. All access requires strong authentication and is recorded in audit logs.
6. Data Encryption
Sensitive data is encrypted both in transit (TLS 1.3+) and at rest (AES-256). Encryption keys are securely managed and rotated periodically.
7. Incident Management
Security incidents are handled according to documented response procedures. Clients will be notified within 72 hours of a data breach that affects them.
8. Disaster Recovery
We maintain a disaster recovery plan (DRP) that is tested periodically to ensure service continuity.
9. Training and Awareness
All staff receive regular information security training to ensure understanding and compliance with this policy.
10. Compliance
We comply with applicable data protection regulations in Indonesia, including Law No. 27 of 2022 on Personal Data Protection.
11. Contact
Questions about this ISMS policy: info@ahliweb.com