Information Security Policy

Komplace Information Security Policy

Version: 1.0

Effective Date: April 2025

Last Updated: April 22, 2025

1. Introduction

Komplace is committed to safeguarding information security and user privacy by implementing best practices in protecting personal data, digital infrastructure, and internal operations. This policy outlines the principles that support the integrity, confidentiality, and availability of our systems and data.

2. Scope

This policy applies to all employees, business partners, and third-party service providers who access, store, process, or transmit data or systems owned by Komplace.

3. Governance and Compliance

Komplace complies with national regulations, including the Personal Data Protection Law (Law No. 27 of 2022), and follows ISO/IEC 27001 standards for Information Security Management Systems. We also adhere to the privacy and security guidelines of each marketplace integrated within our platform.

We ensure that:

  • All user data is managed transparently and securely.

  • Consent is obtained prior to the collection or processing of personal data.

  • Data subjects have the right to access, modify, or delete their personal data.

4. Data Classification and Protection

Komplace classifies data according to sensitivity levels and applies appropriate security controls:

  • Public Data: Approved for public release.

  • Internal Data: For internal use, non-sensitive.

  • Confidential Data: Restricted access, encrypted storage, and secure transmission.

To protect user data, we employ encryption both at rest and in transit, meaning:

  • Data stored in our systems is secured using AES-256 encryption, rendering it unreadable without the proper key.

  • Data transferred between user devices and our servers is protected via TLS (Transport Layer Security) version 1.2 or higher, preventing unauthorized interception.

5. Access Control

We implement Role-Based Access Control (RBAC) to ensure only authorized users can access specific systems and data, with the following provisions:

  • Access rights are reviewed quarterly.

  • Access is revoked immediately upon termination or role change.

  • Multi-Factor Authentication (MFA) is enforced for administrative accounts with access to sensitive data and core systems.

6. Network and System Security

Komplace applies the following security measures:

  • Segmentation of internal and external networks

  • Firewalls and Intrusion Detection Systems (IDS)

  • Regular vulnerability assessments and penetration testing

  • Routine security patch management

  • Data encryption and active logging for all production systems

  • Secure coding practices throughout software development

7. Endpoint Protection

All endpoints are equipped with antivirus software and Host Intrusion Prevention Systems (HIPS), receive daily virus definition updates, are scanned regularly by endpoint security agents, and lock their screens automatically after inactivity.

8. Operational Security Baseline

Komplace enforces the following baseline standards:

  • Passwords must be at least 8 characters and include upper/lowercase letters and numbers

  • Screens automatically lock after 15 minutes of inactivity

  • MFA is required for system administrative access

  • Security awareness training is conducted at least annually

9. Vulnerability Management

We conduct:

  • Monthly vulnerability scans

  • Biannual penetration tests

  • Remediation within 30 days of findings

  • Retention of scan/test reports for audits and reviews

10. Incident Response

We have a formal incident response procedure to detect, report, respond to, and recover from security incidents. Key steps include:

  • Identifying and classifying incidents

  • Notifying affected users (where applicable)

  • Root cause analysis and preventive action

  • Annual incident simulation drills to test readiness and effectiveness

11. Employee Training and Awareness

All Komplace employees receive training on:

  • Cybersecurity best practices

  • Data privacy and protection regulations

  • Phishing simulations and safe digital habits

  • Secure use of internal tools and platforms

12. Third-Party and Vendor Management

Third-party services must comply with Komplace’s security requirements and are assessed through:

  • Security questionnaires

  • Data processing agreements

  • Periodic audits if required

13. Continuous Improvement

We are committed to regularly reviewing and updating this Information Security Policy to adapt to changes in regulations, industry best practices, emerging technologies, and evolving cyber threats.

For questions about this policy or Komplace’s data protection practices, please contact:

Email: [email protected]

Website: https://docs.komplace.id/persyaratan-layanan/kebijakan-keamanan-informasi

