FeaturesPricingAboutSecuritySign In

Security & Compliance

Built for regulated institutions. Your data stays in Malaysia, your AI decisions are explainable, and your compliance posture is always audit-ready.

Certifications & Compliance

Our commitment to earning and maintaining industry-recognised certifications.

ISO 27001

In Progress

Information security management system certification. Expected completion Q4 2026.

SOC 2 Type II

Planned 2027

Service organisation controls for security, availability, and confidentiality.

PDPA Malaysia

Compliant

Full compliance with the Personal Data Protection Act 2010, including data processing and cross-border transfer requirements.

AMLA 2001 Alignment

Aligned

Platform designed to support obligations under Malaysia's Anti-Money Laundering Act.

Data Residency

Designed to meet BNM data localisation requirements for regulated financial institutions.

  • All customer data stored in Malaysia (Southeast Asia region)
  • Enterprise customers can pin data to specific regions
  • No customer data leaves the designated region without explicit consent
  • Data residency compliant with BNM requirements for regulated entities

Infrastructure Security

Encryption

  • AES-256 encryption at rest for all data stores
  • TLS 1.3 for all data in transit
  • Customer-managed encryption keys available for Enterprise

Access Controls

  • Role-based access control (RBAC) with least-privilege principle
  • SSO / SAML and Active Directory sync for Enterprise
  • Multi-factor authentication enforced for all accounts

Infrastructure

  • Private network isolation between tenants
  • Automated vulnerability scanning and patching
  • DDoS protection and rate limiting

Audit & Monitoring

  • Comprehensive audit logging for all user and system actions
  • Real-time security monitoring and alerting
  • Immutable audit trails with tamper-proof hashing

Responsible AI

We believe AI in compliance must be transparent, explainable, and always under human control.

  • Every risk verdict includes a plain-language explanation — no black boxes
  • Confidence scores with transparent breakdown of risk vectors
  • Human-in-the-loop design: AI recommends, analysts decide
  • Model performance monitored for drift and bias
  • Customer feedback loop to continuously improve accuracy
  • No autonomous decisions — all actions require human review

Have security questions?

Our team is happy to walk through our security architecture, provide compliance documentation, or discuss your specific requirements.

security@cekapai.my