ISO Compliance
Overview
Core Banking ISO Security Service mengimplementasikan 3 standar ISO untuk keamanan dan kepatuhan perbankan.
ISO 27001 - Information Security Management
Controls Implemented
| Control | Description | Implementation |
|---|---|---|
| A.9.1 | Access control | JWT + RBAC |
| A.9.2 | User access management | Role-based permissions |
| A.9.4 | System and application access control | API authentication |
| A.12.4 | Logging and monitoring | Audit trail + WebSocket alerts |
| A.12.6 | Vulnerability management | Regular security updates |
| A.18.1 | Compliance with legal requirements | Audit logging |
Implementation
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf(csrf -> csrf.disable())
.sessionManagement(session ->
session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth
.requestMatchers("/auth/login").permitAll()
.requestMatchers("/iso/health").permitAll()
.requestMatchers("/ws/**").permitAll()
.requestMatchers("/api/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
)
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
}
ISO 20022 - Financial Messaging
Message Formats
| Message Type | Code | Description |
|---|---|---|
| Customer Credit Transfer | pacs.008 | Domestic transfer |
| Payment Status Report | pacs.002 | Payment confirmation |
| Financial Institution Credit Transfer | pacs.009 | Interbank transfer |
| Customer Direct Debit | pain.008 | Direct debit |
Implementation
@Service
public class Iso20022Service {
public Pacs008 createCreditTransfer(Transaction txn) {
Pacs008 pacs = new Pacs008();
// Group Header
pacs.setCreDtTm(LocalDateTime.now());
pacs.setMsgId(generateMessageId());
pacs.setNbOfTxs(1);
// Payment Information
PaymentInformation pi = new PaymentInformation();
pi.setPmtInfId(generatePaymentInfoId());
pi.setPmtMtd("TRF");
// Credit Transfer Transaction Information
CreditTransferTransactionInformation ctti = new CreditTransferTransactionInformation();
ctti.setPmtId(generatePaymentId());
ctti.setAmt(new ActiveOrHistoricCurrencyAndAmount()
.setValue(txn.getAmount())
.setCcy("IDR"));
ctti.setDbtrAgt(new FinancialInstitutionCustomerCreditTransfer()
.setBranchId(txn.getFromBank()));
ctti.setCdtrAgt(new FinancialInstitutionCustomerCreditTransfer()
.setBranchId(txn.getToBank()));
pacs.setPaymentInformation(pi);
return pacs;
}
}
ISO 22301 - Business Continuity Management
Requirements
| Requirement | Target | Implementation |
|---|---|---|
| RTO (Recovery Time Objective) | 4 hours | HA configuration, auto-failover |
| RPO (Recovery Point Objective) | 1 hour | Regular backups, WAL archiving |
| Health Checks | Every 30s | Spring Boot Actuator |
| Circuit Breakers | Automatic | Resilience4j |
Implementation
@Configuration
public class BusinessContinuityConfig {
@Bean
public CircuitBreaker circuitBreaker() {
return CircuitBreaker.ofDefaults("coreBanking");
}
@Bean
public Retry retry() {
return Retry.of("coreBanking", RetryConfig.custom()
.maxAttempts(3)
.waitDuration(Duration.ofSeconds(1))
.build());
}
@Bean
public TimeLimiter timeLimiter() {
return TimeLimiter.of("coreBanking", TimeLimiterConfig.custom()
.timeoutDuration(Duration.ofSeconds(5))
.build());
}
}
Health Check
@Component
public class CoreBankingHealthIndicator implements HealthIndicator {
@Autowired
private DataSource dataSource;
@Override
public Health health() {
try (Connection conn = dataSource.getConnection()) {
if (conn.isValid(5)) {
return Health.up()
.withDetail("database", "accessible")
.withDetail("timestamp", Instant.now())
.build();
}
} catch (SQLException e) {
return Health.down()
.withDetail("database", e.getMessage())
.build();
}
return Health.down().build();
}
}
Compliance Dashboard
API Response
{
"iso27001": {
"status": "COMPLIANT",
"controls": {
"accessControl": "IMPLEMENTED",
"auditLogging": "IMPLEMENTED",
"encryption": "IMPLEMENTED"
},
"lastAudit": "2026-06-15T00:00:00Z",
"findings": 0
},
"iso20022": {
"status": "COMPLIANT",
"messageFormats": {
"pacs.008": "IMPLEMENTED",
"pacs.002": "IMPLEMENTED"
},
"lastValidation": "2026-07-06T00:00:00Z"
},
"iso22301": {
"status": "COMPLIANT",
"targets": {
"rto": "4 hours",
"rpo": "1 hour"
},
"lastTest": "2026-06-01T00:00:00Z",
"circuitBreakers": "ACTIVE"
}
}
Next Steps
- Features - Detailed features
- API Endpoints - API documentation