Trust & compliance

Built for governance, scrutiny, and trust.

Aligned to internationally recognised governance, security and AI-governance frameworks — and to Malaysia's own — so a board, an auditor or a regulator can review XI's posture line by line. Why that shortens the procurement review is worth a briefing.

Governance, certification & national alignment

The certifications XI holds — and the frameworks it aligns to.

Boards and auditors can assess XI’s governance, security and AI-control posture.

International Certifications

  • ISO 27001 — Information Security
  • ISO 9001 — Operational Quality
  • ISO 42001 — AI Governance
  • SOC 2 Type II — Security & Availability
  • CREST — Vulnerability Assessment, Penetration Testing, Threat-led Pentesting, Security Operations Centre*

Malaysia Regulatory Alignment

  • NACSA Licensed — Pentest & SOC
  • Cyber Security Act 2024
  • BNM RMiT alignment
  • NIST AI RMF & MITRE ATT&CK
  • PDPA Malaysia & GDPR
  • CyberSecurity Malaysia partnership
  • Malaysia Digital (MD) Status — MDEC awarded

*Current CREST membership is at Pathway+.

Certification badges

Certified, licensed, and aligned.

NACSA licensed service provider logo
NACSA Penetration Testing & Managed SOC licences
ISO/IEC 27001:2022 certification badge
ISO/IEC 27001:2022 Information Security
ISO 9001 certification badge
ISO 9001 Quality Management
ISO/IEC 42001 certification badge
ISO/IEC 42001 AI Management System
SOC 2 Type II compliance badge
SOC 2 Type II Assurance Program
PDPA compliance badge
PDPA Compliant (Malaysia)
GDPR compliant badge
GDPR Compliant
CREST Pathway+ member badge
CREST — Pathway+
Malaysia Digital (MD) Status badge by MDEC
Malaysia Digital (MD) Status
CyberSecurity Malaysia logo
CyberSecurity Malaysia partnership

What regulators now expect

Regulated organisations need control that can be explained, reviewed and improved.

Regulators now expect stronger governance, clearer accountability and better evidence — before, during and after an incident.

What regulators now expect, and what organisations must show.
ExpectationWhat organisations must show
Operational controlA clear view of what’s happening and how response is coordinated.
AccountabilityWho is responsible, who approved actions, and why.
Explainable AIAI recommendations can be understood, traced, and reviewed.
Audit-ready evidenceDecisions, actions and records available for review.
Continuous validationResilience tested; improvements proven.

Aligned to the Cyber Security Act 2024, BNM RMiT, PDPA, NACSA licensing, ISO 42001, NIST AI RMF, and MITRE ATT&CK.

Board confidence & institutional credibility

What this gives boards and management.

Certification and alignment are not paperwork — they are how a vendor's governance and operating discipline can be reviewed.

  • Confidence in vendor governance & discipline
  • Alignment with regulatory & audit expectations
  • A clearer basis for procurement & risk review
  • Support for AI governance & digital-trust obligations
  • A stronger foundation for institutional trust

“XI delivers globally aligned cyber capabilities with locally defensible operational governance.”

Next step

Review XI's governance posture in depth.

Corporate profile and assurance package on request — with a briefing on how Sentient Spire strengthens your existing security estate.