AUTHORIZED DISTRIBUTOR SOPHOS INDONESIA

Security Policy

NEXT2, a consulting firm providing comprehensive consulting services, provides various services by utilizing NEXT2 intellectual property based on confidential information disclosed to NEXT2 by its clients.
Although NEXT2 has consistently implemented business ethics as a professional in its business conduct and has been striving for the establishment of an information management framework, NEXT2 has recognized the need to expressly reiterate its understanding that information security is one of the most important issues concerning the management and the business operation of NEXT2.

NEXT2 therefore establishes a basic policy on information security (the “Information Security Policy”) and will appropriately protect all information assets that NEXT2 deals with by ensuring that NEXT2 directors, officers and employees abide by the Information Security Policy set out below.

1. Establishment of Information Security Management System (“ISMS”)

NEXT2 ensures that all directors, officers and employees understand the importance of information security. NEXT2 establishes ISMS to ensure appropriate management of information assets and continuously seeks to improve ISMS.

2. Legal and Regulatory Compliance

NEXT2 ensures that its framework for information security is in compliance and conformity with the relevant local laws, regulations and other various standards. NEXT2 also fully complies with the spirit of those laws, regulations and other various standards.

3. Information Assets Protection

To appropriately protect information assets of NEXT2 and NEXT2 clients from threats to confidentiality, integrity and availability of such information assets and to ensure the continuity of NEXT2 business, NEXT2 formulates appropriate management plans for information assets of NEXT2 and NEXT2 clients for not only NEXT2 each department, but also NEXT2 business partners, having regard to their business activities and the form of their business.

4. Education and Training

NEXT2 will continuously train and educate its directors, officers and employees to raise their awareness of information security and implement an information security system in all of its business activities.

5. Incident Response

NEXT2 implements appropriate measures to prevent incidents relating to information security. In the event that such incidents occur, not only NEXT2 promptly deals with such incidents, but also takes steps to prevent the recurrence of similar incidents.

Last modified date: January 30, 2025