Full transparency. We list what we currently hold, what is in progress and what is in application — never the other way around. Procurement teams can reference this page directly.
Malaysian regulated environments — banks under Bank Negara Malaysia, NCII operators under NACSA, healthcare providers under MOH, telcos under MCMC — require evidence of provider credentials at procurement, not just claims. We have lost engagements because clients were unable to verify an accreditation cited by a competitor. We do not do that to clients.
Every accreditation below is captured with its current status (Held, Applied / In Progress, or In Progress). If you need a certificate copy, an effective date or a contact at the issuing body for verification, our procurement liaison can provide it during evaluation.
What it is: CREST is the international, not-for-profit accreditation body for technical information-security services, recognised by Bank Negara Malaysia, the UK FCA, the Hong Kong Monetary Authority and others as the gold standard for penetration testing service providers. Member firms operate under CREST's code of conduct, technical methodology requirements and external complaints process.
Scope: Penetration testing services (web, mobile, network, infrastructure). Intelligence-led testing aligned to BNM RMiT 10.49 and CREST STAR principles.
What it is: Under the Cyber Security Act 2024 (Act 854) and its supporting regulations, cybersecurity service providers offering managed security services or penetration testing to Malaysian entities are required to be licensed by the National Cyber Security Agency (NACSA). The licensing regime activation date is set by the Minister and registration windows are being rolled out.
Scope: Penetration testing services and managed security services. Licence application is in submission stage; we publicly track our status to give clients an accurate picture.
What it is: ISO/IEC 27001:2022 is the international standard for Information Security Management Systems. We are running our own implementation programme — Stage 1 documentation review and Stage 2 audit are scheduled with an accredited certification body. Until certification is issued we do not represent ourselves as ISO 27001 certified.
Scope: Headquarters and core delivery functions. Statement of Applicability will be available on request once certified.
What it is: The PCI Approved Scanning Vendor programme governs which firms can conduct external vulnerability scans for organisations subject to PCI DSS Requirement 11.3. ASV status is granted by the PCI Security Standards Council after passing an ASV compliance test.
Scope: External vulnerability scanning for merchants and service providers in scope of PCI DSS v4.0.1 Requirement 11.3.2.
What it is: PECB is an accredited certification body for ISO standards training and personnel certification. As a PECB approved partner, we deliver lead-implementer and lead-auditor training for ISO 27001, ISO 27005, ISO 22301 and related standards.
Scope: Training delivery for ISO 27001 Lead Implementer, ISO 27001 Lead Auditor and related personnel certifications.
Firm-level accreditations matter, but the consultant on your engagement matters more. Our pentesters, auditors and incident-response leads hold the following individual certifications. We can disclose specific certifications held by the named team on your engagement at scoping.
Beyond our own accreditations, our engagements are delivered to satisfy specific Malaysian regulatory expectations:
We supply certificate copies, effective dates, scope statements and issuing-body verification contacts during procurement evaluation. No NDA required for verification documents.