Governed AI operations, not just promises.

Sentient Spire QCS™ bakes identity controls, audit logging, and regulatory evidence into the product. Automation only happens when safeguards agree.

Transparent • Auditable • Ready for regulators

Identity & access controls

Federated identity, MFA, and least privilege are enforced before analysts see a dashboard.

Federated SSO

Enterprise directory services integrate via standard federation protocols. Each login is recorded in the audit log with the issuing identity provider.

MFA everywhere

Time-based one-time password (TOTP) enrollment via QR code, with admin verification. Analysts cannot access production consoles without MFA.

Role-based access

Analyst, Responder, and Administrator roles define UI access, API scopes, and orchestrator privileges.

Audit & evidence

Every action—from connector approvals to automated responses—is stored with context.

Audit log exports

Accessible directly from the console. Each entry includes actor, action, supporting context, and request identifiers for traceability.

Decision archives

The orchestrator captures every recommendation, confidence score, and resulting action so analysts can replay outcomes at any time.

Governance briefings

Comprehensive governance summaries, dataset overviews, and audit extracts stay aligned with each release and are available on request.

Latency and accuracy telemetry

Performance dashboards surface precision, recall, false-positive rates, and ingestion timings to support service-level commitments.

Regulatory alignment

Sentient Spire QCS™ is designed to support current and emerging AI governance frameworks.

AI governance

Risk management, human oversight, and accuracy reporting frameworks are mapped to our operational controls.

Information security

Policies for access, audit, business continuity, and incident response align with global security management standards.

Regional obligations

Control mapping supports financial services, critical infrastructure, and data-sovereignty requirements across multiple jurisdictions.

National accreditation & certifications

Our commitments are backed by Malaysian national oversight and globally recognised information-security standards.

NACSA Licensed Service Provider

The National Cyber Security Agency (NACSA) authorises Xyberteq to operate offensive and defensive managed services.

  • Penetration Testing Service Licence
  • Managed Security Operations Centre Monitoring Service Licence

ISO/IEC 27001:2022 Certified

Sentient Spire QCS™ adheres to the ISO/IEC 27001:2022 Information Security Management System requirements with annual surveillance audits.

  • Scope: platform engineering, managed services, advisory
  • Audited by InterCert under IAF accreditation
  • IAF Registry: IC-IS-25100460

InterCert’s ISO/IEC 27001:2022 certificate is issued under IAF accreditation.

Compliance roadmap & transparency

We publish the lifecycle of every certification—what is live, what is under audit, and when renewals occur—to match how leading security vendors brief regulators.

| Framework | Status | Scope & next milestone |
| --- | --- | --- |
| ISO/IEC 27001:2022 Registration IC-IS-25100460 | Certified | Provision of the Information Security Management System covering platform design, development, system maintenance, operations, and managed services (SOA v1.0). Certificate issued 29 Oct 2025 with surveillance audits conducted annually by InterCert. |
| NACSA Licensed Services (Malaysia) | Active | Penetration Testing Service Licence and Managed Security Operations Centre Monitoring Service Licence issued by the National Cyber Security Agency (NACSA). Licences cover both offensive validation and 24×7 SOC monitoring. |
| SOC 2 Type II | Under audit | Observation window in progress with independent assessors; evidence collection completes in December 2026 with report issuance immediately thereafter. Scope covers platform reliability, security, and change management. |
| ISO 9001:2015 | Audit scheduled | Quality Management System audit programme initiated for platform engineering, managed services, and advisory. Independent certification audit planned for November 2025 (Stage 1 & Stage 2). |
| GDPR & PDPA Operational Controls | In force | Data Protection Officer: privacy@xyberteq.com. EU SCCs 2021/914 implemented for cross-border transfers and Malaysian PDPA mapped to internal retention rules. Online DSAR portal available via the Data Subject Request page. |
| ISO/IEC 42001 (AI Management) | Planning | Internal readiness work underway to align AI lifecycle governance with ISO/IEC 42001. Gap analysis completes December 2025 with certification engagement scheduled immediately after. |
| CREST Penetration Testing | Planning | CREST-certified penetration testing provider assessment targeted for January 2026 to complement NACSA licensing and SOC 2 coverage. |

Security operations hardening

Protection of the platform itself follows the same standards we advocate for customers.

Runtime posture

Workloads operate within a hardened managed Kubernetes environment with layered network controls and continuous vulnerability scanning.

Secrets management

Credentials are stored in a dedicated secret management service with workload identity federation. No static secrets are baked into containers.

Logging & monitoring

Centralised logging and metrics provide real-time visibility, while critical events alert the on-call engineering team.

Request the full compliance package

We share detailed compliance summaries, audit extracts, penetration test scope, and the shared responsibility model with qualified teams.