1. Purpose and Scope
1.1 This Policy summarizes Provider’s general information security approach for the Services.
1.2 This Policy applies to the Services and to personnel or third parties authorized to administer or support the Services.
This Information Security Policy describes the security principles and controls that PT Beklen Royal Lestari (“Provider”) aims to apply in connection with the Services.
For purposes of this Policy:
“Customer” means any individual or legal entity subscribing to, purchasing, accessing, or using the Services.
“Customer Data” means any data, mailbox-related operational data, account data, support data, configuration data, technical data, personal data, and other information submitted by, for, or on behalf of Customer, or processed in connection with the Services.
“Services” means SIP Shield website access, dashboard, desktop agent, onboarding, support, maintenance, updates, and related services made available by Provider.
Provider’s security objectives are to support:
a. confidentiality of information;
b. integrity of systems and data;
c. availability and resilience of services;
d. accountability in access and administrative actions;
e. timely response to incidents and vulnerabilities; and
f. lawful and responsible handling of Customer Data.
Provider aims to operate in accordance with the following principles:
a. least-privilege access;
b. need-to-know data access;
c. defense-in-depth;
d. secure configuration and change control;
e. data minimization;
f. logging and accountability;
g. incident preparedness; and
h. continuous improvement.
5.1 Access to systems, dashboards, internal tools, and operational environments should be restricted to authorized personnel with a legitimate business need.
5.2 Administrative access should be limited, role-based where feasible, and reviewed periodically.
5.3 Shared credentials should be avoided where reasonably possible, and access should be revoked or updated promptly when no longer required.
6.1 Provider recognizes that mailbox credentials, secrets, and access tokens are sensitive.
6.2 Where the Services are designed to use local desktop handling for mailbox access, Provider aims to maintain that architecture in a manner that reduces unnecessary credential storage on centralized systems.
6.3 Where credentials, tokens, secrets, or configuration artifacts must be handled operationally, Provider aims to apply appropriate security measures, limited access, and controlled retention.
Provider aims to apply reasonable technical and organizational measures, which may include:
a. secure configuration standards;
b. patching and update processes;
c. malware protection and endpoint safeguards where relevant;
d. separation of environments where feasible;
e. restricted administrative pathways;
f. logging and monitoring of important system events; and
g. measures intended to reduce unauthorized access, misuse, or service disruption.
Provider seeks to protect Customer Data and personal data in a manner consistent with the Privacy Policy and applicable law.
Provider aims to:
a. collect only data reasonably necessary for operation, support, security, and improvement of the Services;
b. limit internal access to Customer Data;
c. use secure transmission and storage practices where appropriate;
d. retain data only as reasonably necessary or legally required; and
e. securely delete, anonymize, or dispose of data when no longer needed.
9.1 Provider may maintain logs, alerts, and operational records necessary to support security, troubleshooting, fraud prevention, system integrity, and compliance.
9.2 Access to such records should be limited to authorized personnel.
10.1 Provider aims to identify, assess, prioritize, and address vulnerabilities and security weaknesses within a reasonable time based on severity, operational risk, and technical feasibility.
10.2 Provider aims to investigate credible security events and take reasonable containment, remediation, and recovery measures.
10.3 Where required by law, contract, or the circumstances of a material incident, Provider may notify affected customers or competent authorities.
Provider seeks to maintain reasonable measures to support service continuity and operational resilience, which may include backup practices, recovery procedures, redundancy planning, incident escalation, and controlled maintenance activities.
Security is a shared responsibility. Customer is expected to:
a. maintain secure devices and operating environments;
b. protect its own credentials and administrator accounts;
c. ensure lawful authority for any Mailbox or system connected to the Services;
d. promptly report suspected misuse, compromise, or abnormal behavior; and
e. follow deployment, support, and operational guidance where relevant.
No security framework, software environment, infrastructure stack, or internet-based service can guarantee absolute security. Accordingly, while Provider aims to apply reasonable safeguards, Provider does not warrant that the Services will be immune from all vulnerabilities, attacks, failures, or unauthorized acts.
Security concerns, suspected vulnerabilities, or incident notifications may be directed to:
PT Beklen Royal Lestari
Email: help@sipshield.id
WhatsApp: +62 811-8049-911
This Policy should be read together with the SIP Shield Terms and Conditions, SIP Shield Privacy Policy, SIP Shield Ethics and Responsible Use Policy, and SIP Shield Anti-Bribery, Anti-Corruption, Anti-Collusion, and Anti-Gratuities Policy.
Provider may amend this Policy from time to time. Updated versions become effective upon publication unless otherwise stated.