Governance Policy

Whistleblowing Policy

Whistleblowing system is a reporting mechanism for whistleblowers to submit information concerning indication or violation or fraud in PT Ekagrata Data Gemilang (“Company”).

Since 2021, the Company has implemented a whistleblowing system to receive, handle, and follow up on reports from the Company’s stakeholders by ensuring neutrality of investigations and reporting confidentiality. The implementation of the whistleblowing system refers to the Whistleblowing Policy that has been formalized in reference to Holding Company Policy PT IndoInternet Tbk on September 30, 2021 with document number Indonet/POL/CORP/06 – Whistleblowing Policy.

Violation report can be submitted by filling the Whistleblower Form in the provided format and sending the form to email at with the subject of “Whistleblowing”.

Every whistleblower shall act on goodwill and fair principle in believing that the reported action is a violation.

Risk Management Policy

The Risk Management Policy is intended as a guide to the risk management process in PT Indointernet Tbk and its subsidiaries (“Company”). This policy aims to determine the risk limit that can be tolerated by the Company and establish controls or mitigation plans that must be implemented to prevent risk events from occurring, as well as ensure that the Company’s operational activities can continue even if risk events still occur after prevention efforts have been made. The intent and purpose of the Risk Management Policy is a form of the Company’s commitment to ensuring good service standards in terms of value and security for all Company stakeholders.

Rapid developments that occur in the internal and external environment have the potential to create uncertainty that can affect the achievement of the Company’s goals and therefore, the Company seeks to minimize threats and maximize existing opportunities through the implementation of risk management by referring to various risk management guidelines and policies that apply to similar industries. The implementation of risk management refers to the Risk Management Policy which was formalized 1 February, 2021 with the document number EDGE_IS_03-01-01-00_MET_Risk Assessment & Treatment Methodology.

The Company continuously carries out risk identification by involving all layers of management so that the Company’s risk profile can be described more comprehensively. Risks with impacts that are considered significant and have the potential to occur repeatedly are recorded in a risk register and monitored periodically by the Board of Directors and the Board of Commissioners through the Audit Committee. The risk identification process is carried out periodically to identify emerging new risks.


In the event that PT Indointernet Tbk and its subsidiaries (the “Company”) enter into cooperation and/or loan agreements or the acquisition of facilities with each creditor, the Company is subject to the policies as stipulated in this policy for fulfilling the rights of creditors to fulfill the rights of creditors as referred to in paragraph (1). required in the Corporate Governance regulations issued by the Financial Services Authority (“OJK”).

This policy is specifically aimed at maintaining the fulfillment of creditor rights and maintaining the trust that creditors have placed in the Company.

In the event that the Company enters into a loan agreement with the creditor and utilizes the facilities provided by the creditor, the Company is committed to:

  1. Always strive to carry out and fulfill all obligations and responsibilities of the Company to creditors in accordance with the provisions agreed by the Company and creditors.
  2. Using loan facilities obtained from creditors in an accountable and efficient manner.
  3. Carry out obligations in a timely manner in accordance with the provisions of the agreement agreed between the Company and creditors as well as the applicable laws and regulations.
  4. Convey material information relating to creditors, to investors/public in a fair, transparent, true and accurate manner.

The Fulfillment of Creditors’ Rights Policy has been formalized by the Company in reference to Holding Company Policy PT IndoInternet Tbk on November 22, 2021 with the document number Indonet/POL/CORP/03 – Fulfillment of Creditors’ Rights Policy.


The supply chain is an important factor that needs to be managed properly in order to support the smooth operation of the Company’s business. The Company is committed to running an inclusive business by opening up opportunities for all parties to work together as business partners in meeting their needs as long as the necessary criteria and conditions are met such as price, quality, guarantee, certain certifications if needed and experience. Partners who have worked together for a long time and have a good track record will have added value in the eyes of the Company. So far, there are no partners who in their operations, cause negative impacts from social and environmental aspects.

The vendor selection process in the Company follows the vendor qualification procedure. The processes carried out by the Company are Direct Selection, Direct Appointment, and Tender. An assessment is carried out on all vendors to be compared, then the Company will select a vendor in accordance with the result of the vendor assessment. Due diligence processes for vendors who will enter into cooperation agreements will also be carried out to ensure vendor properness. Each vendor will be evaluated periodically and for vendors who do not meet the qualifications will be removed from the vendor list.

The Policy for Vendor Qualification and Evaluation was formalized by the Company on 1 February, 2022 with the document number EDGE_IS_12-00-00-00_POL_External Party Security Policy.


The Company’s Code of Conduct is the manners set by the Company as a guide to attitude and behavior for the Company’s ranks in running the Company’s business, carrying out daily work duties and activities, as well as interacting with stakeholders including shareholders, regulators, customers, employees/coworkers, partners and the community. The Company’s Code of Conduct is rooted in values (cultural values) which are believed by the Company as noble values of professionalism, sense of responsibility, maintaining trust and mutual respect.

All Company employees including Board of Commissioners and Directors are required to sign an Integrity Pact every year, where the Code of Conduct is one of the documents that must be read and understood by Company employees. This Code of Conduct applies as a conduct guidelines in working and/or cooperating and binds all members of the Board of Commissioners, Board of Directors, and Employees, and must be submitted for the knowledge of the Company’s stakeholders, including among others regulators, suppliers, contractors, customers.


The Company has established an Anti-bribery and Corruption Policy that must be complied by all employees. The Company strictly forbids bribery and corruption practices in any form. The Company and all of its members, including employees, Board of Directors, Board of Commissioners, Shareholders, and third parties mediator are strictly prohibited to be involved in any form of bribery and corruption directly or indirectly, in their relation to the Company’s business activities.

The Company has stipulated the Policy in the programs and procedures related to sponsorship, donation, gift, hospitality and others. Every transaction should be processed based on the ”payment authorization matrix” and shall be verified by the Compliance Officer. In addition, the transaction must also be recorded to a specific general ledger and made into a complete and accountable document.

The Company has appointed a Compliance Officer to implement the proper mitigation and control efforts in detecting and preventing bribery and corruption practices that might occur in the Company. In addition, the Compliance Officer is also responsible to verify documents in order to ensure the validity and accuracy of the transaction before being processed further by each authorized officer for approval. The Compliance Officer wrote her initials at the verified document.

The policy for Anti-Bribery and Corruption was formalized by the Company on October 14, 2021 with the document number Indonet/POL/CORP/05 – Anti Bribery and Corruption Policy.

Socialization of Anti-Bribery and Corruption to Employees

The Company has a policy to organize training and socialization of Anti-bribery and Corruption at least once a year in order to improve employees’ awareness on what they should and should not do to comply with the policy.

Attendance and fulfillment of the training is mandatory and is a part of employee assessment. Related to this training and socialization, the Company assigned the Internal Audit Unit/HR/ Compliance Officer and/or relevant external advisor to organize the training and in order to provide a comprehensive knowledge regarding anti-bribery and corruption to all employees.

The HR function shall keep all the notes related to the materials and the list of attendants in the internal training of anti-bribery and corruption in the last 5 (five) years.