CFX Master Information Security Policy

CFX is fully committed to protecting all corporate information assets from a wide range of threats, whether internal or external, intentional or unintentional. This policy serves as the primary foundation for the implementation of the Information Security Management System (ISMS) throughout the organization to ensure business continuity, minimize risks, and strengthen stakeholder confidence.

CFX establishes the following information security objectives:

• Ensure Confidentiality, Integrity, and Availability (CIA): Safeguard information assets from unauthorized access, unlawful modification, and disruptions that may impede operational activities.
• Proactive Risk Management: Identify, analyze, and mitigate information security risks to a level acceptable to the company in order to protect CFX’s reputation and assets.
• Ensure Compliance: Adhere to all applicable legal and regulatory requirements in Indonesia (including the Electronic Information and Transactions Law and the Personal Data Protection Law), as well as international standards such as ISO/IEC 27001.
• Safeguard Business Continuity: Ensure that the company can maintain operations and recover swiftly from significant information security incidents.