SCAN Associates Berhad

Products & Services

PCI Compliance Services

Today, as security awareness grows in Malaysia, and with the vast array of regulations and standards that emphasise the importance of corporate governance, IT governance, reporting standards and financial frameworks, the security of personal information is crucial for the development of the current business environment.

The Payment Card Industry (PCI) Data Security Standard is a collaboration of major credit card processing companies, such as VISA, MasterCard and American Express, that provides a platform for organisations to mitigate credit card fraud, cracking and various other security vulnerabilities and threats.

PCI Compliance Requirements

Any entity that stores, processes and/or transmits cardholder data must comply with the stipulated standards. These entities must comply with the following requirements:

SCAN PCI Compliance Services

SCAN will ensure that compliance with the standards is adopted and maintained by providing the following services:


With the Payment Card Industry Data Security Standard, SCAN, as the PCI Approved Scanning Vendor, will assist merchants to achieve the following:

  • Able to view the compliance status of their entire payment network, from both outside and inside their network. With this compliance, merchants will receive the industry’s most complete and accurate security and compliance assurance that their customers’ payment card data is protected, regardless of where it resides on the payment network.
  • Able to achieve certified third-party validation of PCI compliance as required by the PCI Data Security Standard.
  • Achieve the most complete compliance and security assurance of their entire payment network through continuous external and internal risk and configuration assessments.
  • Achieve continuous PCI compliance cost-effectively, while maximising their customers’ card data security regardless of where it resides on the enterprise network.

For more information on this product, email us at

ISO/IEC 27001 Compliance

In today’s competitive business environment, information is the lifeblood that ensures the survivability of an organisation, and it is subject to increased exposure to threats and vulnerabilities. There is a need to establish a comprehensive protection strategy based on a sound risk management framework.

ISO/IEC 27001 is a standard for Information Security Management Systems (ISMS) that provides a framework for organisations to improve and demonstrate the maturity of their information security process.

What Is Information Security Management System (ISMS)?

ISMS is part of a company’s internal control system. It is the means by which a company monitors and controls its security and minimises risk to ensure that it fulfils the requirements of clients, users and partners to deliver products and services in a secure and protected environment.

ISMS establishes a management framework, which covers the people, IT systems and processes within a company. Changes are regularly monitored and reviewed, and appropriate actions are taken to improve the security management system.


The ISO/IEC 27001 certification recognises that a company has established and maintained a documented ISMS that revolves around the Plan-Do-Check-Act principle. Its benefits are as follows:

  • It certifies that your company complies with the industry’s best practices for security.
  • From a marketing perspective, it encourages trust among present and potential clients.
  • With compliance, better work practices and ethics in security are established.
  • It provides a framework for you to comply with regulatory/legislation requirements.

SCAN has a proven methodology for achieving ISO/IEC 27001 compliance and certification. As we house one of the largest pools of Certified ICT Security Consultants in the country, let us help you meet your ISO/IEC 27001 compliance goals in the shortest time and at the lowest cost.

For more information on this product, email us at

Development of ICT Security Document

To be truly effective, the security within an organisation needs to be supported by different types of documentation. This documentation forms the principles and guidelines by which security is to be managed, and thereby the basis on which consistent security throughout the organisation is achieved.

Our certified security consultants, who have been well exposed to the different operating environments of various industries, would be able to develop the security documents that best fit your organisation. The security documents covered are as follows:

How Do We Approach The Development Of ICT Security Documents?

Understanding the organisation’s culture, industry standards and regulatory requirements is paramount during the development process to ensure that the documents developed are truly practical and reflect the actual practices of the client. With an understanding of the client’s security requirements, a security framework will be developed, identifying the key topics and strategies for policy implementation. We will guide you through the entire cycle of policy development by organising numerous workshops with key personnel within the organisation, until its final review and endorsement by the executive management.

For more information on this product, email us at