PMO's MS ISO/IEC 27001:2007 Certification
The main objective of this certification is to establish an Information Security Management System (ISMS) that is based on the specific Malaysian Standard of the International Organisation for Standardisation/International Electrotechnical Commission 27001:2007 (MS ISO/IEC 27001:2007), which encompasses business risk management processes by initiating, implementing, monitoring, reviewing, maintaining and improving information security.
The certification is in line with the 2010-2014 PMO’s ICT Strategic Plan to enhance the management of ICT organisations by consolidating work processes and ensuring compliance with standards as best practices that are recognised by the government. One of the programmes that have been identified is the ISMS certification.
The adoption of the ISMS in the public sector is expected to shape the work culture and the way public services are delivered to the people. This is an effective approach to ensure that this office complies with circulars, directives and regulations on ICT security which are enforced from time to time by the government.
PURPOSE OF ISMS CERTIFICATION
The implementation of the ISMS certification is intended to create a delivery system that not only meets the demands and satisfaction of customers and complies with current regulations, but also ensures that it operates in a reliable, secure and controlled manner.
It provides a benchmark for information security management based on universal standards.
It strengthens the protection of information and ICT assets based on the principles of confidentiality, integrity and availability.
SCOPE OF ISMS
The scope of the ISMS certification for the Prime Minister's Office includes the following applications:
a) Portals/Websites under the supervision of Chief Executive Information and Management System of the Prime Minister's Office:
Portal of the Prime Minister's Office
Website of the Deputy Prime Minister
Websites of Ministers and Deputy Ministers under the Prime Minister’s Department
Website of the Chief Secretary
Website of the Prime Minister's Wife
b) Messaging and Collaboration System
The project duration for the MS ISO/IEC 27001:2007 certification was a year and a half, from February 2010 to July 2011.
The certification programme was implemented internally in collaboration with consultants from the Malaysian Administrative Modernisation and Management Unit (MAMPU).
The Prime Minister's Office obtained the MS ISO/IEC 27001:2007 certification on 18 November 2011.
The ISMS certification is one of the initiatives to empower the public sector in line with the strategy outlined in the government’s 2007-2010 ICT Security Framework. Among the benefits of the certification are:
Increasing confidence in the delivery system of the government.
Improving the country’s competitiveness.
Reducing the risks to ICT assets and minimising losses in the event of any untoward incident.
Generating the growth of the local ICT security industry.
Improving coordination, upgrades and compliance with the best practices of ICT security management on an ongoing basis.
The extensive use of ICT applications and systems has exposed this office to various cyber security threats. Therefore, information security is critically important as failure to deal with cyber attacks will have negative impacts and implications on the ICT services provided. It is hoped that this programme will provide assurance to all users regarding the management of information security of this office.
Last updated on 18/07/2012