Technical and Organizational Measures

Last material update: June 12, 2026

Trinsic maintains an information security program designed to implement and maintain technical and organizational measures appropriate for the sensitivity, type, and scope of Personal Data processed in connection with the Services it offers to its Customers and to comply with relevant Data Protection Laws and Regulations. To learn more, visit our security page at security.trinsic.id.

Security Policies. Trinsic establishes and maintains documented security policies and procedures aligned with recognized industry benchmarks outlining controls to safeguard Personal Data. These policies address areas including incident response, data handling, access control, and acceptable use, and are reviewed and updated regularly.

Personnel Screening. Subject to applicable laws and regulations, Trinsic will perform background checks on employees and contractors prior to granting access to systems that process personal data.

Confidentiality Agreements. Employees and contractors of Trinsic must sign confidentiality agreements as part of their employment or engagement conditions, agreeing to follow protocols safeguarding customer information, confidential data, and overall information security.

Security and Privacy Training. Trinsic will conduct obligatory annual training for its employees and contractors covering ethics, privacy, and security awareness, with training content reviewed and refreshed each year.

Code of Conduct. Trinsic maintains a code of conduct coupled with disciplinary actions that are enforced in response to breaches of security or privacy policies by employees or contractors.

Access Control. Trinsic implements technical and organizational measures to control and limit access to systems processing Personal Data based on the principle of least privilege. This includes unique user identification, appropriate authentication methods (including multi-factor authentication where applicable), authorization controls, regular access reviews, and logging of access activities. Access is granted only as necessary to perform assigned duties related to the Services. We maintain asset inventory and data classification systems to inform access control decisions.

Information Security Leadership. Trinsic will appoint a qualified individual responsible for overseeing data security within the organization and managing regular reviews and updates to its security policy.

Encryption. Trinsic implements technical measures to encrypt Personal Data during transmission over public networks (using industry-standard protocols such as TLS 1.2 or higher) and when stored at rest (using industry-standard algorithms such as AES-256 or equivalent).

Vulnerability Management & System Integrity. Trinsic implements measures to maintain system integrity and address vulnerabilities. This includes regular vulnerability scanning, risk assessment of identified vulnerabilities, timely patch management according to internal policies, and periodic independent penetration testing. Systems are configured using security hardening best practices. When Trinsic's retention period ends, it securely and permanently deletes personal data.

Network Security. Trinsic employs industry-standard technical measures to protect its network infrastructure, including the use of firewalls and network segmentation to control traffic flow and isolate sensitive environments.

Logging and Monitoring. Trinsic implements technical systems for security logging across relevant infrastructure and applications. Logs are monitored to detect, analyze, and respond to security events and potential threats.

Incident Management. Trinsic maintains a documented incident response plan outlining procedures for detecting, managing, responding to, and reporting Security Incidents in accordance with Data Protection Laws and Regulations.

Business Continuity and Disaster Recovery (BCDR). Trinsic maintains BCDR strategies designed to ensure the availability and integrity of the Services and associated Personal Data. These plans include risk assessments and defined recovery objectives, and are tested periodically.

Secure Development. Trinsic integrates security considerations into its software development lifecycle, including practices such as secure coding guidelines and security testing before deployment.

Vendor Management. Trinsic performs due diligence on Sub-Processors and critical vendors handling Personal Data to assess their security practices and ensure appropriate contractual safeguards are in place.

Change Management. Trinsic utilizes a formal change management process for changes to the production environment, including testing, review, and approval procedures, to minimize security risks and operational disruptions.

Trinsic's Chief Technology Officer (or their successors, as outlined in Trinsic's Business Continuity Plan) is responsible for maintaining the company's security posture. The CTO may be contacted directly at security@trinsic.id.

Trinsic reserves the right to update or modify these measures from time to time, provided that such updates do not materially decrease the overall security of the Services provided to the Customer.