PT JAS Aero-Engineering Services (PT JAES)
IT SECURITY POLICY
Version: 2.1
Classification: Restricted
Creation Date: Sep 2015
Modification Date: April 2017
Maintained by: IT
Applies to: PT JAES
1 Introduction
The purpose of this policy is to describe the IT procedures of PT JAES.
The Company’s key information systems are the following:
1. ORACLE – accounting information system
2. HRIS - payroll and HR administration system
3. Purchasing System – ORACLE
2 IT Request Procedures
2.1 ORACLE
1. Request User ID to IT Admin | Finance Department (Requestor)
2. Send User ID requestor to DF | IT JAES
3. Verify, approve and give feedback to IT JAES | Finance Department (DF)
4. Create User ID | IT CAS
5. Send feedback (User and Password) | IT CAS
6. Clarify User ID and Password | IT JAES / User
7. Oracle account to be terminated upon notification from respective Manager Finance | IT (Requestor), IT CAS (Executor)
2.2 HRIS
1. HR Personal Admin inputs personal data into HRIS based on the employment agreement, including employee ID, PIN Attendance | Payroll/Personal Admin
2. HR Personal Admin emails IT JAES to activate the HRIS and enroll into Finger Print | HR Department
3. IT activates the user in HRIS and enrolls into Finger Print | IT JAES
4. HR Personal Admin inputs the effective date of termination into HRIS through career admin | HR Department
2.3 Purchasing System
1. Requestor to fill up User ID Request Form and identify the type of access right (i.e. Create RS or Create PR or Create PO or Create RR) required. Send the form to HR & GA Department for approval. | GA Department
2. HR & GA Manager to verify the request. Send approved User ID Request Form to GA for filing. | GA Department
3. Account Email to be terminated upon notification from respective Manager & HRGA SR Manager | IT (Requestor), IT CAS (Executor)
2.4 Email Creating
1. Requestor asks approval from respective manager / DO | ALL Department
2. Respective manager / DO to clarify the requests and send approval to HRGA SR Manager | HRGA Department
3. Create a new email upon approval by respective Manager / DO & HRGA SR Manager | Administrator / IT
4. Account Email to be terminated upon notification from respective manager & HRGA SR Manager | Administrator / IT
3 Disaster & Recovery / Data Backup
3.1 Backup Frequency
The following master data files/data files should have a backup copy on Server CAS (Oracle), Server Jas (HRIS), and WD Cloud (Personal PC User):
System | Frequency | Responsible Department
ORACLE | Semester | Finance (CAS Group)
HRIS (Jes JAS) | Semester | HR/Payroll (JAS Group)
Purchasing System (ORACLE) | Semester | GA (CAS Group)
Backup data restoration tests for ORACLE, HRIS and Purchasing System will be conducted annually to ensure the backup data can be recovered. Upon successful testing of the restoration, a Backup Data Restore Test Signoff form will be filled and filed with the respective department. Any unsuccessful tests will be investigated and resolved within reasonable time, and a re-test will be conducted in the same year. Backup data for HO, Finance, HRD and GA goes to the WD Cloud Server, and Operation to Google Drive, every month.
4 Information Security
4.1 Network Access
• The user is held accountable for any circumstance that may arise from the use/misuse of his network account. Passwords should be kept to one's self to prevent unauthorized persons from using other network accounts.
• President Director has the right to disable any network account and hinder network access by the user if he deems necessary
• Network account is automatically removed from the system after the employee is separated from the Company
• Block content: Porn, Sex, Drug Abuse, Games, Hacking, Proxy, Abortion, Alcohol, Nudity, Weapons.
4.2 Audit trails for Oracle and HRIS are reviewed annually by DF and PD
4.3 Vendor Master File review by GA Manager.
4.4 Customer Master File review by Finance Manager.
4.5 Creation of or changes to Vendor and Customer Master must have the Approval Form issued by the relevant Department
4.6 System & Network Password Control
• Passwords are confidential and must never be shared with another person
• Password cannot be the same as the username
• Password must be at least six (6) characters
• Password must be changed within ninety (90) days
4.7 New system / Change request
• A new system or system change must be provided with sign-off by managers and Acceptance Test/UAT by user.
4.8 Policy User PC & LAPTOP
• Staff must use a standard user account to access PC & laptop
• Only the administrator is allowed to install or update on the PC
• Only Company-approved software is allowed to be installed
• Staff must use PC & laptop from PT. JAS Aero Engineering Services
4.9 Recertification
Review of Segregation of Duty (SOD) matrix, user IDs and user access rights for ORACLE, HRIS and
Purchasing System will be conducted annually to ensure relevance to the business units. Upon the
completion of the reviews, a Recertification Signoff form and all attachments (SOD matrix, user IDs
and user access rights) will be filled and filed with respective department. The following shows the
steps to complete the exercise:
Step | Description | System | Person
1 | Generate user access listing. This listing should show the user IDs and the type of access rights | 1. Oracle; 2. HRIS; 3. ORACLE | 1. IWAN (CAS IT); 2. Adi (HR); 3. IWAN (CAS IT)
2 | Review Segregation of Duty matrix and make changes if necessary | 1. ORACLE; 2. HRIS; 3. ORACLE | 1. Albert (Finance); 2. Prins (M HR); 3. Bambang (SM HRGA)
3 | Review the user access listing and raise request forms to remove all unnecessary access rights or user IDs | 1. ORACLE; 2. HRIS; 3. ORACLE | 1. Albert (Finance); 2. Prins (M HRGA); 3. Bambang (SM HRGA)
4 | Generate user access listing again. This listing should show the user IDs and the type of access rights | 1. ORACLE; 2. HRIS; 3. ORACLE | 1. IWAN (CAS IT); 2. Prins (M HR); 3. IWAN (CAS IT)
5 | Fill and sign off the Recertification Signoff form and attach it with the user access listing and SOD matrix | 1. ORACLE; 2. HRIS; 3. ORACLE | 1. Albert (Finance); 2. Bambang (HRGA); 3. Bambang (SM HRGA)
6 | File item 5 with the respective department | 1. ORACLE; 2. HRIS; 3. ORACLE | 1. Teten (Finance); 2. Adi (HR); 3. Dian (GA)
7 | Changes to the Management System have to go through a procedure that has been approved by each manager | 1. ORACLE; 2. HRIS; 3. ORACLE | 1. Albert (Finance); 2. Prins (M HR); 3. Bambang (SM HRGA)
4.10 The Policy is subject to be reviewed annually
Prepared by: Ilman Abdul Azies
Acknowledged by: Bambang Satwoko (HR GA Corsec Manager), Albertus Panjaitan (Finance Manager), Slamet Widodo (HR Manager)
Approved by: Werry Orbani (President Director)
