Information Security Management System (ISMS) Policy

Cleverus Holdings (M) Sdn Bhd (727831-D)

Our Commitment

Cleverus is committed to achieving and maintaining excellence in the protection of information assets and the trust of our clients, employees, partners, and stakeholders. We recognize that information is one of our most valuable assets, and its confidentiality, integrity, and availability are essential to our business operations, legal compliance, and reputation.

To fulfil this commitment, we have established, implemented, and continuously maintain an Information Security Management System (ISMS) in accordance with internationally recognized standards and best practices.

Purpose

The purpose of this policy is to define the principles, objectives, and responsibilities for information security within Cleverus. This policy provides the foundation for establishing and maintaining an ISMS that protects the organization’s information assets from all threats, whether internal or external, deliberate or accidental.

Scope

This ISMS policy applies to:

  • All information assets owned, controlled, or processed by Cleverus, whether in physical or digital form
  • All employees, contractors, consultants, temporary staff, and third-party service providers who access Cleverus’s information systems or data
  • All business processes, systems, networks, and facilities used in the delivery of Cleverus’s products and services
  • All locations from which Cleverus operates

Policy Statement

Cleverus shall:

  1. Protect Information Assets: Ensure the confidentiality, integrity, and availability of all information assets to support business operations, meet legal and contractual obligations, and maintain stakeholder confidence.
  2. Manage Risk: Establish and maintain a risk assessment and treatment process to identify, evaluate, and address information security risks in a systematic and proportionate manner.
  3. Comply with Legal and Regulatory Requirements: Ensure compliance with all applicable laws, regulations, and contractual obligations, including but not limited to the Personal Data Protection Act 2010 (PDPA) and any other relevant Malaysian legislation.
  4. Educate and Train: Provide appropriate information security awareness, education, and training to all employees and relevant third parties to foster a culture of security responsibility.
  5. Ensure Accountability: Define and communicate information security roles and responsibilities across the organization. All personnel are required to comply with this policy and the ISMS framework. Corrective and disciplinary measures shall be applied in the event of non-compliance.
  6. Continuously Improve: Regularly review and continually improve the effectiveness of the ISMS through monitoring, measurement, audits, management reviews, and the incorporation of lessons learned from security incidents.
  7. Manage Incidents: Establish and maintain procedures for the timely detection, reporting, assessment, and response to information security incidents, minimizing their impact on business operations and stakeholders.
  8. Ensure Business Continuity: Develop and maintain business continuity plans to ensure the resilience and timely recovery of critical business operations in the event of a disruption.
  9. Control Third-Party Access: Ensure that third-party access to Cleverus’s information assets is controlled, monitored, and governed by appropriate contractual agreements and security requirements.

Information Security Objectives

Cleverus defines the following security objectives to measure the overall effectiveness of its ISMS:

  • Zero security incidents resulting in unauthorized disclosure, modification, or destruction of information assets.
  • Security incidents shall be maintained at or below the average of the three (3) preceding fiscal years.
  • Information security awareness and training shall be conducted at least two (2) times per year for all employees and relevant personnel.
  • Mission-critical business processes shall be recoverable within [24] hours in the event of a major disruption or disaster.
  • ISMS internal audits shall be conducted at least once annually to assess conformity and identify areas for improvement.
  • All identified non-conformities shall be addressed with corrective actions within [30] days of discovery.

The definition of impact from security incidents is documented in the Security Incident Management Procedure. Mission-critical processes are identified through business impact analysis as documented in the Business Continuity Management Procedure.

Personal Data Protection Act, 2010

  • Cleverus Holdings (M) Sdn Bhd (727831-D) recognizes the importance of protecting personal information and is committed to compliance with the Personal Data Protection Act, 2010 (“PDPA”).
  • This policy supports the establishment of appropriate security measures for the protection of all personal data throughout its lifecycle — from collection, processing, and storage through to its disposal. Cleverus is committed to ensuring that personal data is processed lawfully, stored securely, and retained only for as long as necessary to fulfil its intended purpose or as required by law.
  • Cleverus may collect and process personal data in the course of its business operations for the purpose of delivering its products and services, managing business relationships, and fulfilling legal obligations. We are committed to keeping all personal data safe and in accordance with the PDPA.
  • For further information, please refer to our Privacy Policy or contact us at +603 9054 3113.
  • To opt out of promotional communications from Cleverus, kindly contact us at +603 9054 3113.

Incident Response

In the event of a suspected or confirmed information security incident, Cleverus shall:

  1. Contain and assess the scope and impact of the incident immediately upon discovery.
  2. Notify affected parties within [72] hours of confirmed incident discovery, in accordance with applicable laws and contractual obligations.
  3. Conduct a thorough investigation and root cause analysis.
  4. Implement corrective actions to prevent recurrence.
  5. Document the incident and maintain records as required by law and the ISMS framework.

The Management

Cleverus Holdings (M) Sdn Bhd (727831-D)
Level 28, The Gardens South Tower, Mid Valley City,
Lingkaran Syed Putra, 59200 Kuala Lumpur, Malaysia.
Last updated: 02 March 2026

Dear All,

It has come to our attention that someone is impersonating Cleverus to create group chats and scam people. Please be advised that these actions are not from Cleverus, and we do not engage in such practices.

We have taken the necessary steps to report these incidents. If you encounter any suspicious group chats or messages claiming to be from Cleverus, kindly report them.

Thank you for your cooperation.