Management System Certification

In accordance with the principles of Good Corporate Governance (GCG), Indonesia Stock Exchange (IDX) as a capital market facilitator and regulator is committed to improve governance applied in the company continuously. In order to maintain and ensure the implementation of effective Management System, periodic audits are carried out by the certification agency for the implementation of the following Management Systems:

ISO 9001 Quality Management Systems

In order to maintain the quality of products and services for interested parties, IDX is committed to implement a Quality Management Systems (QMS) based on ISO 9001. In 2005, IDX for the first time implemented QMS for the provision of Disaster Recovery Center (DRC) facilities and obtained ISO 9001:2000 certificate. Then in 2010, the implementation scope of QMS was expanded to corporate wide, including the Representative Offices throughout Indonesia, in accordance to ISO 9001:2008. Along with the development of QMS ISO 9001, in 2017, IDX implemented QMS based on ISO 9001:2015 and in 2018, IDX obtained ISO 9001:2015 certificate.

ISO 27001 Information Security Management Systems

With the aim of maintaining the availability, integrity, and confidentiality of company information, including on human resources, processes, and information technology, IDX is committed to implement an Information Security Management Systems (ISMS) based on ISO 27001. The certification of ISO 27001:2005 was carried out in stages, starting in 2012. In 2015, IDX obtained ISO 27001 certificate for corporate wide scope, as well as upgrading ISO 27001 standard used for ISMS, from the 2005 version to the 2013 version.

ISO 22301 Business Continuity Management Systems

To ensure the availability of services for interested parties in case of disruption to the company's operational services, IDX has implemented a Business Continuity Management Systems (BCMS) based on ISO 22301 since 2013. IDX has periodically conducted a series of simulations to test its business continuity plan and recovery strategies of information technology at predetermined alternative locations to ensure the company's readiness to face threats and disruptions to its business continuity. In 2018, IDX obtained ISO 22301:2012 certificate and in 2020, IDX upgraded the implementation of ISO 22301 standard to the 2019 version, which was followed by obtaining ISO 22301:2019 certificate in 2021.

ISO 37001 Anti-Bribery Management Systems

In 2021, in line with the program of the Otoritas Jasa Keuangan (OJK), namely the implementation and certification of the Anti-Bribery Management Systems (ABMS) based on SNI ISO 37001 at Financial Services Institutions, IDX has implemented ABMS based on SNI ISO 37001 and at the end of 2021, IDX obtained ISO 37001:2016 certificate. This is also a form of IDX's commitment and continuous improvement in the implementation of GCG consistently by creating a work environment that is clean from corrupt, bribery, and gratification practices that are detrimental to the company or even the country. This commitment is stated in the Anti-Bribery Policy and Commitment of the Indonesia Stock Exchange.

As an effort to improve the implementation of the IDX Code of Conduct in accordance with the implementation of ABMS based on SNI ISO 37001, IDX has established an Internal Circular Letter regarding Giving and Receiving Gifts for Employees, which stipulates that the company (employees) does not accept gifts in any form (including but not limited to money, food, and/or goods) for transactions between the company and third parties (partners or customers). IDX has also socialized ABMS implementation, including the Anti-Bribery Policy and Commitment of the Indonesia Stock Exchange, to its interested parties by letter.

Currently, IDX has a tool for reporting the alleged violations that have the potential for financial and non-financial losses, including things that damage the IDX's image, namely the IDX Whistleblowing System (WBS), which can be used by both internal and external parties of IDX. In operating WBS, IDX already has Guideline and Procedure related to the management of WBS.