Commitment to Information Security and Anti-Bribery Management Systems

MUC Consulting is committed to conducting business with integrity and accountability. As part of this commitment, we implement the Information Security Management System (ISMS) and the Anti-Bribery Management System (ABMS) to strengthen our corporate governance and embody our role as a good corporate citizen.

Through ISMS, we ensure that all information is managed securely—preserving its confidentiality, accuracy, and availability. Meanwhile, the implementation of ABMS is aimed at preventing bribery in all aspects of our business operations, in alignment with our strong anti-corruption principles.

Both systems are implemented in accordance with international standards ISO/IEC 27001:2022 and ISO 37001:2016, serving as the foundation for fostering a culture of compliance, transparency, and professionalism across all levels of the organization.

The statements of policy on information security management system (ISMS) and anti-bribery management system (ABMS) are as follows:

1. Information is a key asset in the operations of MUC Consulting. Therefore, confidentiality, integrity, and availability of information must be managed in a manner that ensures its security.
2. The implementation of ISMS and ABMS atMUC Consulting refers to ISO/IEC 27001:2022 and ISO 37001:2016.
3. The top management of MUC Consulting consistently demonstrates leadership and commitment in implementing the ISMS in accordance with regulatory requirements throughout the business processes of MUC Consulting.
4. Information security policies must be communicated to all employees and third parties regarding the available communication channels to ensure a clear understanding and compliance.
5. MUC Consulting will continuously strive to enhance awareness, knowledge, and skills related to information security among internal employees and relevant external parties.
6. MUC Consulting conducts assessments and manages risks related to information security based on vulnerabilities and threats present in each asset or process.
7. In maintaining corporate integrity, every personnel of PMUC Consulting may not be involved in any money laundering activities and is encouraged to report any related suspicious behavior to the Person in Charge of the Management System Implementation.
8. In case of any vulnerabilities and threats that may potentially disrupt the implementation of the ISMS and ABMS, all relevant parties are required to report them to the Person in Charge of Management System Implementation.
9. All leaders at all levels are responsible for monitoring and evaluating the effectiveness of the policy implementation in the work unit/division under their supervision.
10. Any violation of these policies and other related policies will be subject to administrative sanctions in accordance with company regulations.
11. More technical policies and procedures will be prepared separately and established by referring to the principles set out in this statement of policy.
12. MUC Consulting is committed to sustainable enhancement of the implementation of the ISMS and ABMS to ensure conformity, adequacy, and effectiveness of the management systems.
13. MUC Consulting is committed to complying with applicable laws and regulations in Indonesia.
14. MUC Consulting is committed to achieving the determined management system targets.
15. MUC Consulting is committed to ensuring the safety of the whistleblower and the reported individual through the established whistleblowing system.
16. The company’s internal parties such as the top management, board of advisors, and employees must be responsible for supporting the implementation of ISMS and ABMS policies at MUC Consulting.
17. MUC Consulting condemns the practices of bribery, corruption, or other unlawful practices.
18. MUC Consulting has determined the anti-bribery compliance function attached in a separate appointment letter to ensure effective implementation of the ABMS.
19. The statements of policy of ISMS and ABMS will be reviewed regularly at least once a year or in case of any significant changes.
20. This policy will be communicated to all relevant parties, both internal and external.