Compliance Overview
SmartGradeAI is committed to maintaining the highest standards of regulatory compliance
and data protection. Our platform adheres to Malaysian and international regulations
governing educational technology and data privacy.
PDPA 2010 Compliance
Full compliance with Malaysia's Personal Data Protection Act
Active
MQA Guidelines
Aligned with Malaysian Qualifications Agency standards
Active
ISO 27001
Information Security Management System standards
In Progress
GDPR Principles
Following General Data Protection Regulation principles
Active
Data Protection Compliance
Personal Data Protection Act 2010 (PDPA)
SmartGradeAI fully complies with Malaysia's PDPA 2010, ensuring all personal data
is processed lawfully and protected against unauthorized access.
Our PDPA Principles:
- General Principle: Personal data processed only with consent
- Notice and Choice: Clear information about data collection
- Disclosure: Data shared only for educational purposes
- Security: Technical and organizational measures in place
- Retention: Data kept only as long as necessary
- Data Integrity: Ensuring accuracy and completeness
- Access: Users can request and correct their data
| Data Type | Purpose | Retention Period | Protection Level |
| --- | --- | --- | --- |
| Student Information | Academic records | Duration of study + 7 years | High |
| Assessment Data | Grading & feedback | Academic year + 3 years | High |
| Login Credentials | Authentication | Until account deletion | High |
| Usage Analytics | System improvement | 12 months | Medium |
Education Standards Compliance
Malaysian Qualifications Agency (MQA) Standards
SmartGradeAI aligns with MQA's Code of Practice for Programme Accreditation (COPPA)
and supports quality assurance in teaching and learning.
Compliance Areas:
- Transparent assessment criteria
- Constructive alignment with learning outcomes
- Fair and consistent grading mechanisms
- Timely feedback to students
- Academic integrity measures
- Regular system audits
- Continuous improvement processes
- Stakeholder feedback integration
- Performance monitoring
- Documentation and record-keeping
- Accessible online learning platform
- Interactive assessment tools
- Secure digital environment
- Support for diverse learning styles
- Mobile-responsive design
Ministry of Higher Education Guidelines
Compliance with MOHE's guidelines for e-learning and digital assessment in
higher education institutions.
Security Measures
Technical Security Controls
Data Encryption
- SSL/TLS encryption in transit
- AES-256 encryption at rest
- Encrypted password storage (bcrypt)
- Secure API communications
Access Control
- Role-based access control (RBAC)
- Multi-factor authentication available
- Session management
- IP whitelisting option
Organizational Security
- Regular security training for staff
- Incident response procedures
- Business continuity planning
- Vendor security assessments
- Regular penetration testing
Security Audit: Last conducted in December 2024.
Next scheduled: March 2025
Privacy Policy Highlights
Data Collection
We collect only necessary data for educational purposes:
- Personal identification (name, student ID, email)
- Academic information (courses, grades, submissions)
- System usage data (login times, activity logs)
- Technical data (IP address, browser type)
Data Usage
Your data is used exclusively for:
- Providing educational services
- Academic assessment and grading
- System improvement and analytics
- Communication about academic matters
- Compliance with legal requirements
Data Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request data deletion (subject to retention requirements)
- Data portability
- Withdraw consent
We will never:
- Sell your personal data
- Share data without consent
- Use data for marketing without permission
- Transfer data outside Malaysia without safeguards
- Keep data longer than necessary
Accessibility Standards
SmartGradeAI is committed to providing an accessible platform for all users,
including those with disabilities.
WCAG 2.1 Compliance
| Principle | Level | Status | Details |
| --- | --- | --- | --- |
| Perceivable | AA | Compliant | Text alternatives, captions, contrast ratios |
| Operable | AA | Compliant | Keyboard accessible, no seizure risks |
| Understandable | AA | Compliant | Clear language, consistent navigation |
| Robust | AA | Partial | Screen reader compatibility in progress |
Accessibility Features
- High contrast mode available
- Resizable text without loss of functionality
- Keyboard navigation support
- Screen reader compatible (partial)
- Alternative text for images
- Clear focus indicators
AI Ethics & Governance
Ethical AI Principles
Our AI systems are designed and operated according to ethical principles that
ensure fairness, transparency, and accountability.
Fairness
- No bias in grading algorithms
- Equal treatment for all students
- Regular bias testing and audits
- Diverse training data sets
Transparency
- Clear AI decision explanations
- Human oversight of AI grading
- Ability to contest AI decisions
- Documentation of AI processes
AI Governance Framework
- Human-in-the-loop: All AI decisions can be reviewed by educators
- Explainability: AI provides reasoning for grades and feedback
- Accountability: Clear responsibility chain for AI decisions
- Privacy by Design: AI models don't retain personal data
- Continuous Monitoring: Regular assessment of AI performance
Important: AI-generated content and grades are always subject to
human review and can be overridden by instructors.
Audit & Compliance Reports
Recent Audits
| Audit Type | Date | Auditor | Result | Report |
| --- | --- | --- | --- | --- |
| Security Audit | Dec 2024 | Internal IT Team | Passed | View |
| PDPA Compliance | Nov 2024 | External Consultant | Compliant | View |
| Accessibility Review | Oct 2024 | WCAG Specialist | Minor Issues | View |
| AI Ethics Review | Sep 2024 | Ethics Committee | Approved | View |
Compliance Metrics
Incident Response: < 24hrs
Last updated: January 15, 2025