The certifications, regulatory alignments, and deployment practices that financial institutions need to know before engaging MYeBills. Full documentation available on request.
MYeBills holds current ISO/IEC 27001:2022 certification — the international standard for information security management systems. This is the 2022 revision, the current version of the standard.
Independently audited and certified to ISO/IEC 27001:2022. Certifying body: Guardian Independent Certification Ltd (GICG), accredited by IAF MLA and JAS-ANZ.
Beyond certification, MYeBills' platforms are designed and built to align with Malaysia's specific financial regulatory frameworks. These are not post-hoc compliance additions — they are built into the architecture of each platform.
MYeBills' Enterprise Invoice Management (EIM) platform is built to LHDN's MyInvois API specifications. EIM handles the full e-invoice submission lifecycle — ingestion, validation, submission, response handling — and has been live in production at a major Malaysian financial institution since July 2025.
Note: MYeBills builds to LHDN MyInvois specifications. This is a compliance alignment, not an LHDN accreditation or certification status.
MYeBills' Open Finance Infrastructure is built to PayNet's Open Finance Platform (OFP) specifications — covering Data Consumer (DC), Data Provider (DP), FAPI-compliant API gateway, and consent management. Developed in direct engagement with the PayNet team.
Note: MYeBills builds to PayNet OFP specifications. This is a technical alignment, not a PayNet certification or endorsement.
All MYeBills platforms are deployed on-premise within client infrastructure — consistent with Bank Negara Malaysia's data residency and outsourcing guidelines for financial institutions. No customer financial data is processed or stored outside of the client's own environment.
Note: On-premise deployment is a standard practice across all MYeBills engagements, not a BNM-specific waiver or exception.
MYeBills maintains a formal Personal Data Protection Act (PDPA) policy governing the collection, processing, and handling of personal data across all platform operations and client engagements. Our PDPA policy is available on request.
Full PDPA documentation available to clients and prospective clients upon request.
Beyond certifications and regulatory alignment, the way MYeBills deploys its platforms is designed to meet the security and governance requirements of enterprise financial institutions.
All platforms are deployed within the client's own infrastructure. No data is processed, stored, or transmitted to MYeBills infrastructure or third-party cloud environments.
All platforms support Active Directory integration, role-based access control, and Checker/Maker workflows — aligned with enterprise banking governance requirements.
Every platform maintains comprehensive audit logs — all user actions, system events, data submissions, and access requests are logged with full traceability for internal and regulatory review.
All platform communications — API calls, file transfers, email delivery — use encrypted channels. Customer document delivery (e.g. e-invoice PDFs) uses document-level encryption with customer-specific keys.
Enterprise SLA with 24/7 support. Every deployment includes a named support contact and documented escalation path — not a generic helpdesk.
Security architecture documents, PDPA policy, audit reports, and platform technical specifications are available to prospective clients under NDA for due diligence purposes.
Our team is happy to provide full compliance documentation to prospective clients under NDA — including ISO certificate, PDPA policy, and platform security architecture.