Information Security and Confidentiality Policy

Viseteam Consulting Sdn. Bhd.  |  Effective: March 2026

This policy establishes the principles and controls adopted by Viseteam Consulting Sdn. Bhd. ("Viseteam") to safeguard confidential information, client data, and business information handled in the course of providing professional consulting services. Viseteam is committed to protecting information assets and maintaining the confidentiality, integrity, and availability of information entrusted to us by clients, partners, and stakeholders.

1. Purpose

This policy establishes the principles and controls adopted by Viseteam to safeguard confidential information, client data, and business information handled in the course of providing professional consulting services.

Viseteam is committed to protecting information assets and maintaining the confidentiality, integrity, and availability of information entrusted to us by clients, partners, and stakeholders.

2. Scope

This policy applies to:

  • All employees, directors, contractors, and representatives of Viseteam
  • All information assets handled or processed by Viseteam
  • All client-related information received during consulting engagements

The policy applies regardless of the format of the information, including:

  • Electronic data
  • Physical documents
  • Verbal communications
  • Digital systems and storage platforms

3. Confidential Information

Confidential information includes any non-public information relating to clients, partners, or Viseteam operations, including but not limited to:

  • Business strategies and plans
  • Financial and commercial information
  • Technical documentation or system architecture
  • Operational processes and methodologies
  • Client data and project materials
  • Personal data as defined under applicable laws

All confidential information received during client engagements will be used strictly for the purposes agreed under the relevant engagement or contractual arrangement.

4. Information Security Principles

Viseteam adopts the following core information security principles:

Confidentiality

Information will only be accessed by authorized personnel on a need-to-know basis.

Integrity

Information will be protected against unauthorized modification or alteration.

Availability

Information will be managed in a manner that ensures it remains accessible for legitimate business purposes.

5. Access Control

Viseteam implements reasonable access control measures to ensure that information is only accessible to authorized individuals. Controls include:

  • Access restriction based on role and project involvement
  • Secure authentication mechanisms for digital systems
  • Limiting access to client information to personnel directly involved in the engagement

Employees and representatives are required to maintain strict confidentiality regarding any information obtained during their work.

6. Handling of Client Information

Client information received by Viseteam will be handled in accordance with the following practices:

  • Information will be used solely for the agreed project or business purpose
  • Information will not be disclosed to third parties without appropriate authorization
  • Confidential documents will be stored securely and protected from unauthorized access
  • Electronic communications containing sensitive information will be handled with appropriate care

Where external advisors or subcontractors are engaged, they will be subject to appropriate confidentiality obligations.

7. Data Protection and Privacy

Viseteam processes personal data in accordance with applicable data protection laws in Malaysia, including the Personal Data Protection Act 2010 (PDPA).

Personal data will only be collected, processed, or disclosed where necessary for legitimate business purposes and subject to appropriate safeguards.

Reasonable technical and organizational measures are implemented to protect personal data against unauthorized access, loss, or misuse.

8. Information Retention and Disposal

Information will be retained only for as long as necessary to support business operations, contractual obligations, or legal requirements.

When information is no longer required, Viseteam will take reasonable steps to ensure that such information is securely destroyed or disposed of to prevent unauthorized access or disclosure.

9. Incident Reporting

Any suspected or actual incident involving unauthorized access, disclosure, loss, or misuse of confidential information must be reported promptly to Viseteam management.

Appropriate corrective actions will be taken to contain and mitigate the impact of any such incident.

10. Compliance

All Viseteam personnel are expected to comply with this policy and with any confidentiality obligations contained in contracts, non-disclosure agreements, or engagement terms.

Failure to comply with this policy may result in disciplinary action or termination of engagement, where applicable.

11. Policy Review

This policy may be reviewed and updated periodically to ensure alignment with legal, regulatory, and operational requirements.

Contact Information

For enquiries regarding this policy, please contact:

Viseteam Consulting Sdn. Bhd. Email: info@viseteam.com
Address: Lot G02-G07, Level 3, Platinum Sentral, Jalan Stesen Sentral 2, Kuala Lumpur Sentral, 50470 Kuala Lumpur
Last updated: March 2026