Last updated : February 28, 2022
Last revision :
This document will be effective from Tuesday, 1st March 2022.
To see prior version, please click here.
Electronic System Operation Security Commitment and Guarantee
PT. Mandiri Tunggal Sejahtera Berkarya
- Based on the Government Regulation of the Republic of Indonesia Number 82 of 2012 concerning the Implementation of Electronic Systems and Transactions, an electronic system operator is any person, state administrator, business entity, or community that provides, manages, and/or operates electronic systems, individually or jointly, for users of electronic systems, for its own purposes or for the needs of other parties.
- Regulation of the Ministry of Communication and Information of the Republic of Indonesia No. 20 of 2016 concerning Personal Data Protection (PDP).
- Regulation of the Ministry of Communication and Information of the Republic of Indonesia Number 36 of 2014 concerning Procedures for Registration of Electronic System Operators.
- Based on the commitment of PT. Mandiri Tunggal Sejahtera Berkarya as an Electronic System Operator on the popitsnack.com site, which was sent to the Ministry of Communication and Information in Letter No: EXT/MEMO-KOMINFO/POPIT2019/BDG /002/13/MAY/2019.
The electronic system operator carries out the implementation of the electronic system in public and non-public services. For public services, registration is required, while for non-public services, you can register with the Ministry of Communication and Information of the Republic of Indonesia.
The obligations of the electronic system operator in the management of the electronic system are as follows:
- Electronic system operators are required to guarantee the availability of service level agreements, the availability of information security agreements for the information technology services used and the security of information and internal communication facilities held.
- Electronic system operators are required to apply risk management to the resulting damage or loss.
- Electronic system operators are required to have governance policies, operating work procedures, and audit mechanisms that are conducted periodically on electronic systems.
- Electronic system operators are required to maintain the confidentiality, integrity and availability of personal data they manage.
- Guarantee that the acquisition, use, and utilization of personal data is based on the consent of the owner of the personal data, unless otherwise stipulated by the laws and regulations.
- Guarantee that the use or disclosure of data is carried out based on the consent of the owner of the personal data and in accordance with the objectives conveyed to the owner of the personal data at the time of data acquisition.
- If there is a failure in the protection of the confidentiality of the personal data it manages, the electronic system operator is obliged to notify the owner of the personal data in writing.
The site owner of popitsnack.com and/or PT. Mandiri Tunggal Sejahtera Berkarya as a company has provided security guarantees for its users as determined by the Ministry of Communication and Information regarding the Electronic Administration System Registration Certificate, which can be viewed by the public on the KOMINFO Official website with the PSE register number: 01529/DJAI.PSE/ 05/2019. PSE Set Date : May 21, 2019.
Users benefit from the commitment of the Popitsnack.com site manager and/or PT. Mandiri Tunggal Sejahtera Berkarya as a company to transparency, information security, and data recovery capabilities. As a manifestation of the 4.0 industrial revolution in Indonesia, we offer transparent information security services.
Site Security (security update 28 February 2022)
Popitsnack.com site manager and/or PT. Mandiri Tunggal Sejahtera Berkarya as a company is committed to protecting your information, according to Our Commitment to Platform Security, and we take extra precautions to ensure that your data is safe by using the following procedures:
- We use two layers of firewall protection (one at the application level and one at the server level) to ensure that no unauthorized access attempts are allowed. Security is applied in two layers: the network is protected, and the website is also protected with a cryptographic and encryption system. The mechanism is as follows: data transmission from the browser to the firewall is protected using a 2048-bit RSA SSL certificate created by the manager, and data transmission from the webhost or server to the firewall is protected using a commercial SSL certificate from the Let’s Encrypt root Certification Authority, to be forwarded to the public via the Let’s Encrypt RSA public Certification Authority using a cloud computing network. This system adds an extra level of security to your data. You can be assured of data security through firewall filtering, blocking, or banning. Protection using 2 layers of SSL, in addition to increasing security, also increases the credibility of the manager with the public and makes it more trusted.
- We use 2048-bit RSA SSL to authenticate users and transfer data. RSA is based on a simple mathematical approach, and that is why its implementation in a public key infrastructure (PKI) is easy. This adaptation to PKI and its security has made RSA the most widely used asymmetric encryption algorithm today. RSA is widely used in many applications, including SSL certificates, crypto-currency, and email encryption with PGP.
- We use the highest security protocol, HSTS. HTTP Strict Transport Security (HSTS) is a web security policy mechanism designed to protect HTTPS websites from downgrade attacks and cookie hijacking. A web server configured to use HSTS instructs the web browser (or other client software) to only use HTTPS connections and disallows the use of the HTTP protocol.