Information Security Policy

 

Statement from the Executive Team

At Softinn Solutions Sdn Bhd, our mission is to "Make hoteliers work easier" by providing innovative hospitality technology solutions. Our solutions enable hotels and accommodation operators to streamline their business operations, offering flexible alternatives to start and scale their business with the help of technology through integration and application.

We recognize that the security of our clients' and their guests' data is paramount. We are committed to implementing robust information security measures to protect sensitive data and ensure compliance with applicable laws and regulations, including the Malaysian Personal Data Protection Act (PDPA) 2010 and 2024.

Our Information Security Policy is guided by the following five key principles:

 

1. Risk-Based Approach to Information Security

We adopt a risk management approach to identify, assess, and mitigate information security risks. This ensures that our resources are focused on areas with the greatest potential impact.

Softinn will:

• Conduct regular information security risk assessments.
• Ensure that information security risks are managed within our risk appetite.
• Communicate identified risks with key stakeholders.

 

2. Empowering Our Staff as the First Line of Defense

Our employees play a crucial role in maintaining information security. We foster a culture of security awareness and individual accountability.

Softinn will:

• Provide ongoing information security training to all staff.
• Clearly communicate information security obligations, policies, and procedures.
• Encourage staff to take initiative in safeguarding information.
  
  

3. Controlled Access to Protected Information

We classify information based on sensitivity and ensure that access is restricted to authorized personnel only.

Softinn will:

• Implement access controls aligned with user roles and responsibilities.
• Regularly review and monitor access permissions.
• Maintain an information classification scheme.

 

4. Implementation of Comprehensive Safeguards

We apply technical, administrative, and physical safeguards to protect information assets.

Softinn will:

• Comply with established information security frameworks and standards.
• Regularly review and update security policies and procedures.
• Manage exceptions to security standards through risk assessments.
• Continuously improve the effectiveness of our information security management system.
  
  

5. Compliance with Legal and Regulatory Obligations

We are committed to complying with all relevant legal and regulatory requirements related to information security.

Softinn will:

• Document and regularly review applicable laws and regulations, including the PDPA 2010 and 2024.
• Monitor compliance with legal and regulatory obligations.
   

 

This policy is subject to regular review and updates to ensure its continued relevance and effectiveness. For more information about our data protection practices, please refer to our Privacy Policy.

This document has been authorised and approved by: 

LEE JEE SHEN (CEO)
TEE DEE THENG (HEAD OF BUSINESS OPERATIONS)

 

Last Updated on 1st January 2025

 

 

List of third-party processors as at 31st May 2025: