Compliance Requirements

Payment Card Industry Data Security Standard

PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.
Ge-pap is PCI DSS certified in 2019. We achieved and maintained PCI compliance and undertake to ensure that we are adhering to the security controls and requirements as follows:

Install and maintain firewall configuration to protect cardholder data.

Create custom password and other unique security measures. Do not use vendor-supplied defaults.

Protect stored cardholder data.

Encrypt transmission of cardholder data.

Use and regularly update antivirus software.

Develop and maintain secure systems and applications.

Restict access to cardholder data by business need-to-know.

Assign a unique ID to each person with computer access.

Restrict physical access to cardholder data.

Track and monitor all access to network resources and cardholder data.

Regularly test security systems and processes.

Maintain a policy that addresses information security.

International Organization for Standardization (ISO 27001)

ISO 27001 is providing requirements for an information security management system (ISMS) that helps organizations keep information assets secure. Gepap’s ISO certifies our processes and controls that are stringently scrutinized and audited. All customer’s data are well protected and managed as Ge-pap’s standards are strictly adhering to UKAS (UK) ISO 27000 standards.

Financial Services Act 2013 (FSA 2013)

One of the key legislation for the financial and insurance services industry includes FSA 2013. An Act to provide for the regulation and supervision of financial institutions, payment systems and other relevant entities to promote financial stability and for related, consequential and incidental matters. Ge-pap meets this requirement as we have the compliance to FSA 2013.

Personal Data Protection Act (PDPA 2010)

Protecting personal data is Ge-pap’s business. Ge-pap is complied with the rules set by the PDPA, which governs the collection, use and disclosure of personal data. We gain the trust of our clients and employees with proper protection of personal data.

ISO 9001:2008

Ge-pap is ISO 9001 certified, which is the international standard for a quality management system (“QMS”). This is one of the benefits our clients work with us because it gives them assurance that our management systems are constantly assessed and approved.

We are focused on meeting customer expectations and delivering customer satisfaction.

Network Penetration Test

Ge-pap performed Yearly Penetration testing on computer system, network or web application to find security vulnerabilities that an attacker could exploit. The main objective of penetration testing is to identify security weaknesses.

This Penetration testing is used to test Ge-pap’s security policy, its adherence to compliance requirements, its employees’ security awareness and the organization’s ability to identify and respond to security incidents.

BCP Test

The main objectives of a business continuity plan are to identify critical operations and risks, provide a plan to maintain or restore critical operations during a crisis, and create a plan to communicate with the clients during any unforeseen crisis.


The Business Continuity and Disaster Recovery Plan (BCP/DR) is important for our clients and Ge-pap’s BCP continuously identifies the potential risk/impacts that threaten the operations of our Bank clients and all other key clients to work towards providing and upgrading a framework for building reliable response that safeguards the interests of all key stakeholders and their reputation.


One key advantage for Ge-pap is that we have our own electricity power generator set that can power up critical machines during TNB power loss to keep our operations running for at least another 24 hours.


Ge-Pap’s BCP and DR site are continuously audited by our major Bank customers at least 4-6 times per year to comply not only with standards acceptable within our industry but also that standards expected by our Banking Clients.

Data encryption

Ge-pap encrypts data that includes transmission, processing and data at rest. The purpose of data encryption is to protect digital data confidentiality as it is stored on computer systems and transmitted using the internet or other computer networks.