Trust & compliance
Built for governance, scrutiny, and trust.
Aligned to internationally recognised governance, security and AI-governance frameworks — and to Malaysia's own — so a board, an auditor or a regulator can review XI's posture line by line. Why that shortens the procurement review is worth a briefing.
Governance, certification & national alignment
The certifications XI holds — and the frameworks it aligns to.
Boards and auditors can assess XI’s governance, security and AI-control posture.
International Certifications
- ISO 27001 — Information Security
- ISO 9001 — Operational Quality
- ISO 42001 — AI Governance
- SOC 2 Type II — Security & Availability
- CREST — Vulnerability Assessment, Penetration Testing, Threat-led Pentesting, Security Operations Centre*
Malaysia Regulatory Alignment
- NACSA Licensed — Pentest & SOC
- Cyber Security Act 2024
- BNM RMiT alignment
- NIST AI RMF & MITRE ATT&CK
- PDPA Malaysia & GDPR
- CyberSecurity Malaysia partnership
- Malaysia Digital (MD) Status — MDEC awarded
*Current CREST membership is at Pathway+.
Certification badges
Certified, licensed, and aligned.
What regulators now expect
Regulated organisations need control that can be explained, reviewed and improved.
Regulators now expect stronger governance, clearer accountability and better evidence — before, during and after an incident.
| Expectation | What organisations must show |
|---|---|
| Operational control | A clear view of what’s happening and how response is coordinated. |
| Accountability | Who is responsible, who approved actions, and why. |
| Explainable AI | AI recommendations can be understood, traced, and reviewed. |
| Audit-ready evidence | Decisions, actions and records available for review. |
| Continuous validation | Resilience tested; improvements proven. |
Aligned to the Cyber Security Act 2024, BNM RMiT, PDPA, NACSA licensing, ISO 42001, NIST AI RMF, and MITRE ATT&CK.
Board confidence & institutional credibility
What this gives boards and management.
Certification and alignment are not paperwork — they are how a vendor's governance and operating discipline can be reviewed.
- Confidence in vendor governance & discipline
- Alignment with regulatory & audit expectations
- A clearer basis for procurement & risk review
- Support for AI governance & digital-trust obligations
- A stronger foundation for institutional trust
“XI delivers globally aligned cyber capabilities with locally defensible operational governance.”
Next step
Review XI's governance posture in depth.
Corporate profile and assurance package on request — with a briefing on how Sentient Spire strengthens your existing security estate.