Data Security

How we protect your facility's most sensitive operational data.

Malaysia-Based Infrastructure

All Energy Intelligence data is hosted on secure infrastructure located within Malaysia, ensuring data sovereignty and compliance with local regulations including the Personal Data Protection Act 2010 (PDPA).

Our infrastructure meets Malaysian healthcare data residency requirements for both public and private hospitals.

ISO 27001 Certified

Cre8 IOT Sdn Bhd operates under an ISO 27001 certified Information Security Management System (ISMS). This internationally recognised standard ensures we systematically manage sensitive company and customer information.

Our certification covers:

• Risk assessment and treatment processes
• Security policy governance
• Access control management
• Cryptographic controls
• Physical and environmental security
• Operations security and communications management

Role-Based Access Control

Energy Intelligence implements granular role-based access control (RBAC) with the principle of least privilege. Every user is assigned a role that determines exactly what data they can view, modify, or export.

Built-in roles include:

• System Administrator: Full platform management
• Facility Manager: Energy monitoring and reporting access
• Department Head: Department-level consumption reports
• Executive: Summary dashboards and ROI metrics
• Auditor: Read-only access to compliance reports

Custom roles can be created to match your facility's organisational structure.

Full Audit Trail

Every action within the platform is logged with an immutable audit trail. This includes:

• User logins and failed authentication attempts
• Energy data queries and report generation
• Threshold configuration changes
• Alert acknowledgements and events
• API calls and integration activities

Audit logs are retained for regulatory compliance and can be exported for inspections, EECA audits, or MOH compliance reviews. Logs are tamper-evident and stored separately from operational data.

Encryption & Transmission Security

Data is protected at every stage of its lifecycle:

• In Transit: All communication between IoT sensors, the platform, and user dashboards uses TLS 1.2/1.3 encryption. API integrations require secure protocols.
• At Rest: All database records, reports, and backups are encrypted using AES-256.
• On Device: IoT sensors use encrypted communication protocols to prevent signal interception.

Network & Application Security

Our platform is protected by multiple layers of security:

• Web Application Firewall (WAF) filtering malicious traffic
• DDoS protection for uninterrupted availability
• Intrusion Detection and Prevention Systems
• Regular vulnerability scanning and penetration testing
• Automated patch management for all infrastructure components
• Segregated network zones for production, staging, and development

Business Continuity & Disaster Recovery

Energy Intelligence is designed for the 24/7 demands of healthcare, hospitality, commercial, education, industrial, and smart city facility operations:

• Automated real-time backups with point-in-time recovery
• Multi-zone redundancy within infrastructure
• Disaster Recovery plan tested quarterly
• Failover procedures for critical components
• Data replication for geographic resilience

Request a Security Briefing

Our team can provide a detailed security whitepaper, architecture diagram, and answers to your CISO's questions.

Contact us: hello@energyusage.my