appendix 2

Security Policy

Jan 24, 2025

LEXA

Introduction

PT Inovasi Kolektif Digital ("LEXA", "Lazuardy", "we", "our", "us") is steadfastly committed to maintaining the highest standards of information security. We recognize that the protection of our users' data, particularly sensitive legal information, is not just a technical requirement but a fundamental responsibility to our professional community.

This Security Policy articulates our comprehensive approach to safeguarding digital assets, technological infrastructure, and user information. Our strategy is built on a proactive, multi-layered framework designed to anticipate, prevent, and rapidly respond to potential security challenges in the evolving landscape of legal technology.

Technology Infrastructure

LEXA's security is built on a robust, multi-layered technological foundation:

  • Cloud Platforms: Cloudflare, Vercel
  • AI Technologies: OpenAI, Anthropic Claude, Google Gemini
  • Encryption Standard: AES-256 enterprise-grade encryption

Encryption and Data Protection

We implement comprehensive encryption measures:

  • Data-at-Rest Encryption: AES-256 encryption for stored data
  • Data-in-Transit Encryption: TLS 1.3 protocol
  • End-to-End Encryption for sensitive communications
  • Secure key management with regular key rotation

Access Control

Our access management strategy includes:

  • Multi-Factor Authentication (MFA)
  • Role-Based Access Control (RBAC)
  • Principle of Least Privilege
  • Comprehensive user authentication and authorization protocols

Network Security

We protect our network infrastructure through:

  • Firewall protection
  • Intrusion Detection and Prevention Systems (IDPS)
  • Regular vulnerability scanning
  • Distributed Denial of Service (DDoS) mitigation

Compliance and Standards

LEXA adheres to international security frameworks:

  • ISO/IEC 27001:2022 Information Security Management
  • NIST Cybersecurity Framework
  • SOC 2 Type II compliance recommendations

Incident Response

Our incident response strategy includes:

  • 24/7 security monitoring
  • Rapid incident detection and containment
  • Comprehensive breach notification procedures
  • Post-incident analysis and continuous improvement

Third-Party Risk Management

We conduct rigorous assessments of third-party vendors and AI technology providers to ensure they meet our strict security standards.

Regular Security Assessments

We commit to:

  • Quarterly internal security audits
  • Annual comprehensive security assessments
  • Continuous vulnerability management
  • Ongoing staff security training

Contact Information

If you have any questions or concerns about our Security Policy or wish to report a security issue, please contact us at:

PT Inovasi Kolektif Digital
Address: SIM Square, Semarang, ID 50134
Email: lexa@lazuardy.tech