ISO 27001: Qiscus’ Commitment to User Security

Qiscus ISO 27001

The utilization of data and digitization is unavoidable in the Industrial 4.0 era. On the one hand, innovation benefits businesses in all sectors, from ordering goods and payment transactions to booking appointments with doctors. However, there is another side to this rapid technological advancement. Information security and privacy issues have become the preoccupation of many businesses especially in the light of cybersecurity.

In Indonesia itself, the state’s cybersecurity agency Badan Siberdan Sandi Negara (BSSN) reported that 495,337,202 cyber attacks occurred in Indonesia in 2020, where most of these attacks were in the form of trojan malware which stole data. Indonesia’s national media also reported at least 5 to 7 cases of data leakages experienced by various private companies and institutions, with accumulated data leak incidents reaching hundreds of millions. In light of this, Qiscus has been focusing on implementing specific standards related to consumer and corporate information security to safeguard data and usage for users of our products and services.

Data Security Measures at Qiscus

Like any other business, we collect, use and process data to better understand consumers and deliver the right solutions. To ensure the security of the data we collect, Qiscus makes various efforts and establishes specific security standards.

In terms of data storage, we adopt a cloud system and implement user access management as a standard of use. Access levels are separated based on their roles and there is a need to ensure that the data is used according to specific needs.

In the use of data, we ensure that each team maintain information security. As a concrete step, we regularly disseminate memos related to information security procedures to all staff. In addition, we also require the use of a Virtual Private Network (VPN) for back-office applications to ensure the security of the Internet connection of the team which interacts directly with the data.

Furthermore, we continuously monitor access to all systems and applications used. Each access is regularly monitored and evaluated based on activity and access level to control account access for active users.

Apart from the steps taken by the internal team to ensure data safety and confidentiality, we also ensure that data confidentiality is guaranteed when carrying out a project with other stakeholders, including partners and clients. This is done through the dissemination of and compliance to the Non-Disclosure Agreement (NDA) for parties who process confidential and sensitive information. This NDA will provide a legal umbrella so that access to information considered confidential and sensitive is not misused and are only permitted to be used by authorized personnel.

Apart from implementing some of the steps above, we also conduct internal audits and review the effectiveness of implementing the Information Security Management System (ISMS) annually. Insights and suggestions from the results of these internal audits are used to improve security to continue to maintain customer trust in Qiscus.

Priority of Securing Customer Data

With the consistent reports of cyber attacks in Indonesia, we are moving to improve the security of customer data and data traffic between platforms. Through a series of audits conducted by the British Standards Institute (BSI Group Indonesia), Qiscus has recently obtained ISO 27001 certification!

The ISO, also known as the International Standard Organization, is a body which issues certifications to verify that the processes in the company awarded abide by international standards. Some of the certifications we often hear of would be the ISO 9001 for quality management and ISO 14000 for environmental management. For information security, ISO 27001 is the gold standard. ISO 27001 contains requirements for establishing, implementing, maintaining and improving an information security management system within an organization, which is crucial in this era of Industry 4.0. It also includes requirements related to the assessment and handling of information security risks according to the organization’s needs.

In addition to maintaining customer trust, we also make this effort to follow the rules set by the government, which are contained in the 4thRegulation of the Minister of Communication and Information of the Republic of Indonesia 2016 for Information Security Management Systemto the latest regulation, namely 5th Regulation of the Minister of Communication and Information for the Year 2020 concerning Private Scope Electronic System Operators.

Make sure your conversations with your customers are safe with Qiscus!

Qiscus, as one of the players in the technology sector, has helped hundreds of businesses shape customer experiences through digital-based solutions. With the various efforts that Qiscus has made, we hope that every client can run their business operations comfortably through the solutions that Qiscus provides.

Keen to use our products for your business? Please visit our website at

You May Also Like