Pantas Software Sdn Bhd Security Policy
Pantas Software Sdn. Bhd. developed this security policy ("Security Policy") in order to showcase our commitment to protecting our users' data by implementing appropriate security controls for the data that we obtained from you on our website(s) or website/IT portal(s)/mobile application(s), (the "Site") and the services, features, content, or applications we offer (collectively with the Site, the "Pantas Platform" or "Service").
We reserve the right to change this Security Policy from time to time. Please review this Security Policy frequently to remain informed of Pantas' data security practices.
What is PCI DSS?
Payment Card Industry Data Security Standard (PCI DSS) is the Data Security Standard put together by the Payment Card Industry Security Standards Council. The PCI Security Standards Council is led by a policy-setting Executive Committee, composed of representatives from the Founding Members (Visa, American Express, MasterCard, Discover and JCB) and Strategic Members (UnionPay).
It is the global industry data security standard that every business accepting payment cards and store, process, and/or transmit cardholder data must comply with.
The data standard has a total of twelve compliance requirements that can be categorised into six broad control objectives. They are:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Our data security program is designed to assess, protect, detect, and respond to security incidents. It includes controls and procedures from the PCI-DSS standard as well as other industry standards and best practices.
We conduct regular scans of all our production environments, looking for missing patches and vulnerabilities.
We follow alerts issued by various parties and security groups, especially on newly found vulnerabilities, also known as 'zero-day vulnerabilities'. We subscribe to security exploit alerting system managed by the Cybersecurity and Infrastructure Security Agency (CISA) which is an operational component under the Department of Homeland Security of the United States of America (https://www.cisa.gov/uscert).
We maintain an intrusion prevention software framework that protects computer servers from brute-force attacks on all our production systems and networks. Our firewall policies are reviewed periodically to ensure that only legitimate traffic is allowed in.
We protect sensitive data in transit with strong encryption and selectively use data at rest encryption, tokenization, and data masking.
Payment Processing Security
In addition to our Data Security, we observe the necessary level of security for credit card transaction processing by employing specific controls.
Pantas is a self-certified PCI Level 4 merchant, and maintains compliance with the PCI DSS standard. The Pantas SAQ-A Attestation of Compliance can be found here.
The pantas.com platform does not directly store or process credit card data. We rely on our Payment Processing Partner to perform the actual handling and secure storage of credit card data, and processing of credit card transactions. Our Payment Processing Partner is a certified PCI Level 1 Service Provider.
Our hosting provider, Amazon Web Services (AWS) is PCI level 1 compliant and has completed the industry standard on System and Organization Controls (SOC) for SOC 1, SOC 2 and SOC 3 certifications. This includes controls and processes such as multi-factor authentication, role-based access controls (RBAC), highly redundant utilities, and strict change management processes.
More information can be found at:
Questions regarding this Security Policy or the security-related practices of the Site should be directed to firstname.lastname@example.org
Effective Date: This Security Policy is effective as of February 11, 2022.