Unwired Logic Information Security Policy Follow

Last updated: 24 JUL 2025

1. Purpose

This Information Security Policy outlines the core principles and practices that govern how Unwired Logic K.K. and PT Unwired Logic Indonesia (“Unwired Logic”) protect systems, devices, accounts, and client trust in the course of delivering remote business consulting and technical advisory services.

Unwired Logic does not operate or deliver its own SaaS products or client-hosted platforms. Our consultants access only client-managed environments, in accordance with the scope defined in each signed contract. Services provided include business process improvement, system analysis, and operational guidance. At no time do we host or store client data.

This policy applies to all Unwired Logic employees, contractors, and representatives who have access to client systems or sensitive information.

2. Infrastructure & Access Controls

• Cloud-First Model: Unwired Logic operates entirely in the cloud and does not maintain on-premise infrastructure.
• Device Management: All company-issued laptops are enrolled in a device management platform with remote wipe, compliance enforcement, and update control.
• USB Access Restrictions: Use of USB storage devices is strictly prohibited on all Unwired Logic-managed computers. Device control policies are enforced through our endpoint management system to prevent data exfiltration and unauthorized media access.
• Access Control: Multi-Factor Authentication (MFA) is required for all critical platforms and user accounts.
• Personal Devices: Use of personal devices is permitted only in exceptional cases, and such devices must be enrolled in our management system to ensure security compliance.

3. Data Handling

Unwired Logic is committed to protecting client data by strictly limiting how it is accessed and ensuring that it is never stored, copied, or processed outside of the client’s controlled environment.

• Client Data Protection: Unwired Logic does not store, download, or replicate client data on its own systems. All consulting services are delivered exclusively within client-managed environments, and no data is transferred to Unwired Logic infrastructure at any time.
• No Hosting or Processing: Unwired Logic does not operate, manage, or host cloud infrastructure on behalf of clients under normal circumstances. We do not act as a data processor or subprocessor unless this responsibility is explicitly defined and agreed upon in the scope of a signed client agreement.
• Information Segregation: Consultants are contractually required and operationally trained to avoid recording or sharing sensitive client data through internal tools or communications. When internal collaboration is needed, only high-level notes or metadata (such as project status or task references) may be shared — excluding any proprietary, identifiable, or confidential client information.
• Data Retention Controls: Unwired Logic may retain limited internal documentation or work artifacts from client engagements, but only when necessary for internal continuity, training, or contractual obligations. Any retained information is non-sensitive, generalized, or de-identified. These materials are strictly for internal use and are never shared, disclosed, or reused across other client engagements.

4. Security Awareness & Password Policy

All employees receive ongoing security awareness training covering secure device usage, phishing prevention, and safe data handling.

Unwired Logic enforces a strict internal password policy across all systems and user accounts. Use of password managers is strongly encouraged, and browser-based password storage is prohibited.

Compliance with the password policy is regularly reviewed to ensure secure practices are being maintained by all staff.

5. Incident Response

Although Unwired Logic does not store client data, we treat all suspected information security incidents with urgency and care.

• Immediate Escalation: Any potential incident is promptly escalated to appropriate leadership and stakeholders for assessment and response.
• Client Notification: If an incident is determined to involve or potentially impact client systems or data, the affected client will be notified without delay.
• Containment & Remediation: Steps are taken immediately to contain the issue, assess its scope, and remediate any identified risks or vulnerabilities.
• Post-Incident Review: A structured internal review is conducted to analyze root causes and improve preventative measures, including potential updates to systems, processes, or training.

6. Vendor and Platform Selection

Unwired Logic uses enterprise-grade SaaS platforms to support operations across productivity, communication, finance, and contract management. While we do not conduct formal audits of vendors, we carefully select trusted services based on their:

• Industry reputation
• Operational maturity
• Alignment with our remote-first architecture

7. Policy Review

This policy is maintained on an ongoing basis and reviewed periodically to ensure alignment with evolving operational, security, and compliance standards.