Our compliance audit service helps customers meet the requirements, standards and guidelines of international information security compliance frameworks and criteria. Our team has working knowledge of the following standards and aims to meet or exceed their requirements.
The Regulations of Bank of Indonesia and Financial Services Authority of Indonesia (Otoritas Jasa Keuangan)
- POJK no.38/POJK.03/2016 (replaced PBI no.9/15/PBI/2007) – This policy states that all banks under the auspices of Bank Indonesia shall perform risk management practices in their IT environment.
- POJK no.19/POJK.03/2014 – Officeless Financial Services in an Inclusive Financial Framework, issued in the context of implementing Laku Pandai activities and mitigating the risks that may arise from them. It also supports the realization of Inclusive Finance in Indonesia. In addition, this POJK was released to complete the legislation governing related matters.
- Bank Indonesia Regulation No. 18/40/PBI/2016 concerning the Implementation of Payment Transaction Processing
Payment Card Industry Data Security Standard (PCI DSS) Requirement 11.3: Regularly test security systems and processes.
It states that all PCI DSS-certified companies must develop and implement a penetration testing methodology that includes both external and internal penetration testing. This requirement also obliges all certified institutions to perform penetration tests at least annually to verify that the controls protecting the PCI DSS in-scope infrastructure are operational and effective.
ISO 27001: System acquisition, development and maintenance (A.14.2.8, A.14.2.9).
Among the ISO 27001 controls, there are three sub-controls that must be maintained and performed during regular compliance checks:
- A.14.2.8 – System security testing
- A.14.2.9 – System acceptance test
- A.18.2.3 – Technical compliance review
Spentera can perform penetration tests on network infrastructure and applications to test the security of information systems based on those audit criteria.
Who needs this?
Those who want to strengthen their IT security baseline.
Those who need to comply with certain regulations.
Those who need to comply with technical standards.