1. This document outlines the IT security policy and procedures for PT JAS Aero-Engineering Services.
2. The policy describes procedures for requesting access and managing user accounts for the company's key information systems, which include the ORACLE accounting system, HRIS payroll and HR system, and purchasing system.
3. The document also covers data backup and disaster recovery procedures, information security controls like network access and password policies, and an annual recertification process to review user access rights and systems.
IT Security Policy 2017
PT JAS Aero-Engineering Services
(PT JAES)
IT SECURITY POLICY
Version: 2.1
Classification: Restricted
Creation Date: Sep 2015
Modification Date: April 2017
Maintained by: IT
Applies to: PT JAES
1 Introduction
The purpose of this policy is to describe the IT procedures of PT JAES.
The Company’s key information systems are the following:
1. ORACLE – accounting information system
2. HRIS – payroll and HR administration system
3. Purchasing System – ORACLE
2 IT Request Procedures
2.1 ORACLE
1. Request User ID from IT Admin.
   Responsible: Finance Department (Requestor)
2. Send User ID requestor to DF.
   Responsible: IT JAES
3. Verify, approve and give feedback to IT JAES.
   Responsible: Finance Department (DF)
4. Create User ID.
   Responsible: IT CAS
5. Send feedback (User and Password).
   Responsible: IT CAS
6. Clarify User ID and Password.
   Responsible: IT JAES / User
7. Oracle account to be terminated upon notification from the respective Finance Manager.
   Responsible: IT (Requestor), IT CAS (Executor)
2.2 HRIS
1. HR Personal Admin inputs personal data into HRIS based on the employment agreement, including employee ID and PIN Attendance.
   Responsible: Payroll/Personal Admin
2. HR Personal Admin emails IT JAES to activate the HRIS and enroll into Finger Print.
   Responsible: HR Department
3. IT activates the user in HRIS and enrolls the user into Finger Print.
   Responsible: IT JAES
4. HR Personal Admin inputs the effective date of termination into HRIS through career admin.
   Responsible: HR Department
2.3 Purchasing System
1. Requestor to fill up User ID Request Form and identify the type of access right (i.e. Create RS or Create PR or Create PO or Create RR) required. Send the form to HR & GA Department for approval.
   Responsible: GA Department
2. HR & GA Manager to verify the request. Send approved User ID Request Form to GA for filing.
   Responsible: GA Department
3. Account Email to be terminated upon notification from respective Manager & HRGA SR Manager.
   Responsible: IT (Requestor), IT CAS (Executor)
2.4 Email Creating
1. Requestor asks for approval from the respective manager / DO.
   Responsible: ALL Department
2. Respective manager / DO to clarify the request and send approval to HRGA SR Manager.
   Responsible: HRGA Department
3. Create a new email upon approval by respective Manager / DO & HRGA SR Manager.
   Responsible: Administrator / IT
4. Account Email to be terminated upon notification from respective manager & HRGA SR Manager.
   Responsible: Administrator / IT
3 Disaster & Recovery / Data Back Up
3.1 Backup Frequency
The following data master file/data file should have a backup copy: Server CAS (Oracle), Server JAS (HRIS), and WD Cloud (Personal PC User):
System                        Frequency   Responsible Department
ORACLE                        Semester    Finance (CAS Group)
HRIS (Jes JAS)                Semester    HR/Payroll (JAS Group)
Purchasing System (ORACLE)    Semester    GA (CAS Group)
A backup data restoration test for ORACLE, HRIS and Purchasing System will be conducted annually to ensure the backup data can be recovered. Upon successful testing of the restoration, a Backup Data Restore Test Signoff form will be filled and filed with the respective department. Any unsuccessful tests will be investigated and resolved within a reasonable time, and a re-test will be conducted in the same year. Data for HO, Finance, HRD and GA is backed up to the WD Cloud Server, and Operation data to Google Drive, every month.
4 Information Security
4.1 Network Access
• The user is held accountable for any circumstance that may arise from the use/misuse of his network account. Passwords should be kept to one's self to prevent unauthorized persons from using other network accounts.
• The President Director has the right to disable any network account and hinder network access by the user if he deems it necessary.
• A network account is automatically removed from the system after the employee is separated from the Company.
• Blocked content: porn, sex, drug abuse, games, hacking, proxy, abortion, alcohol, nudity, weapons.
4.2 Audit trails for Oracle and HRIS are reviewed annually by DF and PD.
4.3 Vendor Master File is reviewed by the GA Manager.
4.4 Customer Master File is reviewed by the Finance Manager.
4.5 Creation of or changes to Vendor and Customer Master must have the Approval Form issued by the relevant Department.
4.6 System & Network Password Control
• Passwords are confidential and must never be shared with another person
• Password cannot be the same as the username
• Password must be at least six (6) characters
• Password must be changed within ninety (90) days
4.7 New system / Change request
• A new system or system change must be provided with sign-off by managers and an Acceptance Test/UAT by the user.
4.8 Policy User PC & LAPTOP
• Staff must use the standard user account to access PC & laptop
• Only the administrator is allowed to install or update software on a PC
• Only Company-approved software is allowed to be installed
• Staff must use PC & Laptop from PT. JAS Aero Engineering Services
4.9 Recertification
Review of Segregation of Duty (SOD) matrix, user IDs and user access rights for ORACLE, HRIS and
Purchasing System will be conducted annually to ensure relevance to the business units. Upon the
completion of the reviews, a Recertification Signoff form and all attachments (SOD matrix, user IDs
and user access rights) will be filled and filed with respective department. The following shows the
steps to complete the exercise:
Step 1: Generate user access listing. This listing should show the user IDs and the type of access rights.
   System and person:
   1. Oracle: IWAN (CAS IT)
   2. HRIS: Adi (HR)
   3. ORACLE: IWAN (CAS IT)
Step 2: Review Segregation of Duty matrix and make changes if necessary.
   System and person:
   1. ORACLE: Albert (Finance)
   2. HRIS: Prins (M HR)
   3. ORACLE: Bambang (SM HRGA)
Step 3: Review the user access listing and raise request forms to remove all unnecessary access rights or user IDs.
   System and person:
   1. ORACLE: Albert (Finance)
   2. HRIS: Prins (M HRGA)
   3. ORACLE: Bambang (SM HRGA)
Step 4: Generate user access listing again. This listing should show the user IDs and the type of access rights.
   System and person:
   1. ORACLE: IWAN (CAS IT)
   2. HRIS: Prins (M HR)
   3. ORACLE: IWAN (CAS IT)
Step 5: Fill and sign off the Recertification Signoff form and attach it with the user access listing and SOD matrix.
   System and person:
   1. ORACLE: Albert (Finance)
   2. HRIS: Bambang (HRGA)
   3. ORACLE: Bambang (SM HRGA)
Step 6: File item 5 with the respective department.
   System and person:
   1. ORACLE: Teten (Finance)
   2. HRIS: Adi (HR)
   3. ORACLE: Dian (GA)
Step 7: Changes to the Management System have to go through a procedure that has been approved by each manager.
   System and person:
   1. ORACLE: Albert (Finance)
   2. HRIS: Prins (M HR)
   3. ORACLE: Bambang (SM HRGA)
4.10 The Policy is subject to annual review.
Prepared by
Ilman Abdul Azies
Acknowledged by
Bambang Satwoko, HR GA Corsec Manager
Albertus Panjaitan, Finance Manager
Slamet Widodo, HR Manager
Approved by
Werry Orbani
President Director