Information Security Policy

Purpose

This Information Security Policy sets out InTalent Asia’s general approach to protecting information, systems, records, and technology resources from unauthorised access, misuse, disclosure, alteration, disruption, or loss. It is intended to describe the principles and controls the company seeks to promote in support of confidentiality, integrity, availability, and responsible information handling.

As a recruitment, executive search, workforce solutions, and HR services company, InTalent Asia handles business information, candidate information, client information, personal data, and internal records. The company recognises the importance of maintaining appropriate information security practices in support of trust, service delivery, compliance, and operational resilience.

Scope

This policy applies generally to information, systems, devices, records, applications, platforms, infrastructure, and other information assets used by or on behalf of InTalent Asia, whether in physical or electronic form.

This policy also applies generally to directors, management, employees, consultants, contractors, temporary personnel, and, where relevant, third parties who access, process, store, transmit, manage, or otherwise interact with information or systems connected with InTalent Asia.

Application of this policy may vary depending on role, access level, system type, location, service arrangement, contractual terms, legal requirements, and operational necessity.

Policy Statement

InTalent Asia seeks to maintain information security practices that are appropriate to the nature, scale, and risk profile of its business. The company may establish, maintain, review, and improve information security related controls, procedures, safeguards, and responsibilities from time to time in order to support the protection of information assets and reduce the risk of security incidents.

Where relevant, the company’s approach may be informed by recognised standards and management system practices, including ISO 27001 for information security management and ISO 27701 for privacy information management.

Key Principles

InTalent Asia may seek to:

• protect confidential, personal, commercially sensitive, and operational information from unauthorised access, misuse, disclosure, or loss
• maintain appropriate controls over systems, devices, applications, records, and information assets
• restrict access to information on a need to know, authorised, or role appropriate basis where practical
• promote responsible use of company systems, networks, devices, and digital resources
• support awareness of information security risks, including phishing, unauthorised sharing, weak access practices, and improper handling of records
• manage security incidents, vulnerabilities, and risks in a practical and proportionate manner
• review and strengthen information security arrangements over time in line with business needs, technology changes, certification requirements, and risk exposure

Security Areas of Focus

01. Access Control

InTalent Asia may apply appropriate user access, authentication, password, account management, and permission controls to systems and information resources based on business need and role requirements.

02. Information Handling

Persons handling company information are generally expected to do so responsibly and in accordance with applicable company requirements relating to confidentiality, privacy, retention, storage, transmission, and disposal.

03. Devices and Systems

Company devices, systems, software, applications, and communication tools should generally be used for proper business purposes and in a way that does not expose the company to unreasonable security risk.

04. Incident Awareness and Reporting

Suspected information security incidents, unauthorised access, data exposure, phishing attempts, malware risks, system misuse, or other material security concerns should generally be reported through appropriate internal channels as soon as reasonably practicable.

05. Third Party and Service Provider Security

Where relevant, InTalent Asia may take information security related considerations into account when selecting, onboarding, managing, or reviewing service providers, suppliers, platforms, and other third parties who may access or process company or stakeholder information.

06. Business Continuity and Resilience

The company may maintain practical arrangements intended to support continuity, recovery, backup, or resilience in relation to important systems, information, or business processes where considered appropriate.

Roles and Responsibilities

01. Leadership

Leadership may oversee the company’s general information security direction, risk awareness, resource prioritisation, and support for appropriate control environments.

02. Managers

Managers may support adherence to applicable security requirements within their areas of responsibility and may escalate material risks, incidents, or control issues where appropriate.

03. Employees and Representatives

Employees and persons acting on behalf of InTalent Asia are generally expected to protect information entrusted to them, follow applicable security requirements, avoid negligent or improper handling of information, and report suspected security incidents or weaknesses through appropriate channels.

04. Third Parties

Where relevant, third parties engaged by InTalent Asia may be expected to maintain reasonable security practices consistent with the nature of the services provided, the information involved, contractual terms, and applicable legal obligations.

Reporting Concerns

Information security concerns, incidents, weaknesses, breaches, or suspected misuse of systems or data may be raised through appropriate internal channels or designated company contacts.

InTalent Asia may assess and respond to such matters in the manner it considers appropriate, taking into account the severity of the issue, available information, business impact, confidentiality, legal requirements, contractual obligations, and operational circumstances.

Monitoring and Review

InTalent Asia may monitor and review its information security practices, controls, and this policy from time to time. Reviews may be undertaken periodically or in response to incidents, legal developments, technology changes, audit findings, certification requirements, or operational needs.

The company may revise, replace, supplement, or withdraw this policy and related controls at its discretion, subject to applicable legal or regulatory requirements.

Policy Status

This policy is intended as a general statement of InTalent Asia’s approach to information security and related internal expectations. It is provided for guidance and governance purposes only.

This policy does not form part of any employment contract, client contract, supplier arrangement, candidate arrangement, or other agreement, and does not create legally binding rights, warranties, guarantees, or obligations for any third party, except to the extent required by applicable law.

Implementation of this policy may vary depending on business needs, system design, technical feasibility, legal requirements, service models, contractual obligations, and the nature of the relevant information or risk.

Related Standards and Policies

This policy should be read together with the Candidate Privacy Notice, Full Privacy Policy, Corporate Governance Policy, Supplier Code of Conduct, Business Ethics and Code of Conduct, ESG Policy, and other related policies or notices adopted by InTalent Asia from time to time.

Where relevant, aspects of this policy may also be supported by InTalent Asia’s broader management and control framework aligned to ISO 27001, ISO 27701, and ISO 9001.

Contact Us

If you have any questions regarding this Information Security Policy, you may contact:

• By email: legal@intalent.asia