Information Security Policy

VIRESERVE is committed to protect the confidentiality, integrity and availability of the information entrusted to us by our stakeholders. This Information Security Policy outlines our commitment to safeguard all stakeholders information, assets and intellectual property against threats, damage, loss or misuse.

1. PURPOSE & COMMITMENT

We maintain an ISO/IEC 27001:2022 Information Security Management System (ISMS) aligned with industry best practices and recognised standards; Malaysia’s Personal Data Protection Act (PDPA) 2024 and Malaysia’s Cyber Security Act 2024. By adhering to these standards, we ensure robust risk management practices, continual improvement and compliance with regulatory and contractual obligations are taken care. We are committed to provide high security standards to protect all stakeholders information assets in compliance with standard of ISO/IEC 27001:2022.

2. SCOPE

This policy applies to all operations, technologies, employees, contractors and third party service providers involved in handling information processed, stored or transmitted by our platform and services. In order to maintain the management system, improve and enhance services and delivery of services, internal and external audits are regularly conducted and a continual improvement process is implemented throughout the organization. All employees and business partners are expected to adhere to this policy.

3. SECURITY PRINCIPLES

This policy applies to all operations, technologies, employees, contractors and third party service providers involved in handling information processed, stored or transmitted by our platform and services.

We adopt the following guiding principles:
 Confidentiality – Protecting information from unauthorised access and disclosure
 Integrity – Assuring the Information Assets and Infrastructure is reliable, accurate and protected from unauthorised modification and destruction
 Availability – Defending Information Systems and Data to remain accessible in timely manner when required

4. RESPONSIBILITIES

This policy is communicated to all stakeholders through a digital media platform for awareness. It is important that our stakeholders understand their responsibilities in managing risks and ensuring secure operations within their areas.

We ensure security requirements are enforced across our supply chain and ecosystem through due diligence, contractual controls and ongoing monitoring of third-party services.

We maintain an incident response framework to manage security events with minimal risks and adapt quick mitigations. When required, we notify affected stakeholders and regulators within the timelines prescribed by applicable laws.

We are committed to responsible data governance, ethical handling of information and maintaining
transparency with our customers regarding how we protect their data.

*This policy is reviewed at least annually or whenever significant changes occur to ensure it remains relevant, effective, and aligned with emerging risks and compliance requirements.