Trust · ISMS Policy · ISO/IEC 27001:2022

Information Security Management System Policy

PT. Neurogs Inovasi Teknologi · The fifteen-clause ISMS policy statement governing the company's information security posture.

  1. 01

    Information is a key asset in operational processes at PT Neurogs Inovasi Teknologi. Therefore, the confidentiality, integrity, and availability of information needs to be managed in such a way that its security can be maintained.

  2. 02

    The implementation of information security management system at PT Neurogs Inovasi Teknologi refers to ISO/IEC 27001:2022 standard.

  3. 03

    The Top Management of PT Neurogs Inovasi Teknologi continuously demonstrates leadership and commitment to implement an information security management system that complies with regulatory requirements and applicable laws in Indonesia.

  4. 04

    PT Neurogs Inovasi Teknologi is committed to making continuous improvements to the implementation of ISMS.

  5. 05

    Information security policies must be communicated to all employees and third parties through existing communication media to be easily understood and complied with.

  6. 06

    PT Neurogs Inovasi Teknologi will always strive to increase awareness, knowledge and skills about information security for both internal and external employees involved.

  7. 07

    The company conducts assessments and manages risks related to information security based on vulnerabilities and threats that exist in every asset and process.

  8. 08

    In order to maintain company integrity, every member of the organization is prohibited from engaging in any form of money laundering activities and is encouraged to report any suspicious actions related to this to the Chief Information Security Officer (CISO) or ISMS Team members.

  9. 09

    If there are vulnerabilities and threats that could potentially disrupt information security, all stakeholders must report them to the Chief Information Security Officer (CISO) or ISMS Team members.

  10. 10

    All leaders at all levels are responsible for monitoring and evaluating the effectiveness of this policy implementation across all work units/sections under their supervision.

  11. 11

    All employees are responsible for maintaining and protecting the security of information assets and complying with established information security policies and procedures.

  12. 12

    Any violation of this policy and other related policies will be subject to administrative sanctions such as revocation of information access rights and disciplinary actions according to applicable regulations.

  13. 13

    More technical policies and procedures will be created separately and established by referring to the principles set out in this policy statement.

  14. 14

    The organization must continue to improve the suitability, adequacy, and effectiveness of ISMS.

  15. 15

    The ISMS policy statement is reviewed periodically at least once (1) a year or if there are significant changes. The organization must continue to improve the suitability, adequacy, and effectiveness of ISMS.

Reviewed periodically at least once (1) a year or when significant changes occur.