How we benchmark nCrypt Malaysia against the international cybersecurity industry — the frameworks we audit ourselves against, the partner ecosystem we operate within, and the awards we pursue.
Cybersecurity is a trust business. In Malaysia, where most cybersecurity vendor selection happens in regulated environments — Bank Negara Malaysia supervision, NACSA NCII oversight, SC capital-market intermediaries — what matters is not marketing-driven award logos but the substantive frameworks a firm chooses to be measured against.
We publish the standards we hold ourselves to, the partner ecosystem we belong to and the industry awards we pursue. We also publish where we are still building. The goal is transparency, not a wall of plaques.
The international gold standard for technical, methodological and ethical conduct of penetration testing services. Adopted by Bank Negara Malaysia as the de facto cadence for financial-sector pentest providers.
Our own information-security management is built and audited against the ISO 27001 control framework. We use the same Annex A controls and risk-treatment approach we recommend to clients.
We benchmark our delivery and internal controls against the NIST CSF functions — Govern, Identify, Protect, Detect, Respond, Recover — and publish internal scorecards quarterly.
Our financial-services practice is structured to deliver against every clause of the RMiT Policy Document — particularly 10.49 (intelligence-led testing), 10.66 (third-party assurance) and the cyber resilience chapter.
We track our own readiness to support NCII sector lead and entity obligations under Act 854 and the supporting Cybersecurity Service Provider regulations.
We audit our data-handling practices against the strengthened PDPA 2024 regime, including mandatory breach notification timelines and Data Protection Officer requirements.
International accreditation body for technical security service providers
Training partner for ISO 27001, ISO 27005 and ISO 22301 lead-implementer/auditor certifications
PCI ASV scanning programme and PCI DSS advisory ecosystem
Open framework we use to map adversary TTPs across red team and intelligence-led engagements
These are categories we benchmark our delivery quality and case studies against. We list them publicly to be transparent about our targets — not to imply prior wins. Award entries are submitted only when we believe our delivery evidence stands up to independent judging panels.
For specific accreditations we currently hold (CREST member firm status, ISO 27001 certification status, PCI ASV scanning programme, NACSA Cybersecurity Service Provider licence) please see our accreditations page, which is kept current with effective dates.
We can share methodology documentation, sample reports (redacted), accreditation certificates and references on request as part of any procurement evaluation.