Information is the main asset in the operational process at PT Hoki Surya Ningrat. Therefore, confidentiality, integrity, and information availability shall be managed to maintain its security.
Implementing the Information Security Management System (ISMS) at PT Hoki Surya Ningrat refers to the ISO/IEC 27001:2022 ISMS standard.
The top management of PT Hoki Surya Ningrat always shows leadership and commitment to implementing the ISMS in the organization.
The ISMS must be communicated to all employees and related third parties through existing communication media to make it easily understood and followed.
PT Hoki Surya Ningrat shall continuously increase awareness, knowledge, and skills regarding information security for internal employees and related external parties.
The organization conducts studies and manages risks related to information security based on the threats and vulnerabilities that exist in each asset and process.
If there are any threats and vulnerabilities that have the potential to disrupt information security, all interested parties must report to ISMS Head or other designated officers.
All leaders at all levels are responsible for monitoring and evaluating the effectiveness of applying this policy in all work units/sections under their supervision.
All employees are responsible for maintaining and protecting the security of information assets and complying with established ISMS policies and procedures.
Any violation of this policy and other related policies will be subjected to administrative sanctions such as revocation of access rights to information systems and disciplinary actions in accordance with applicable regulations.
All technical policies and procedures will be created and implemented separately by referring to the principles set out in the ISMS Technical Policy.
ISMS General Policy is reviewed at least once a year or if there are any significant changes.
The organization shall continuously improve the ISMS’s suitability, adequacy, and effectiveness.
The organization is committed to complying with the regulations and laws in force in Indonesia.
The organization is committed to carrying out improvements to the suitability of the ISMS immediately and improvements to the ISMS in a planned manner.