Industry ISMS Implementation

MS ISO/IEC 27001:2007 Information Security Management System (ISMS) Implementation and Certification for Critical National Information Infrastructure (CNII) under Communication and Multimedia Industry

 
About MS ISO/IEC 27001 Certification Exercise in Malaysia

Objective

To provide detailed information on the MS ISO/IEC 27001:2007 Information Security Management System (ISMS) implementation and certification for the communication and multimedia industry in Malaysia.

Introduction

On 24 February 2010, the Jemaah Menteri (Cabinet) decided that:

• Critical National Information Infrastructure (CNII) entities of Malaysia to be certified under MS ISO/IEC 27001:2007 Information Security Management System (ISMS);

• Implementation of ISMS certification is to be coordinated by the relevant ministries and agencies that are responsible over the specific CNII; and

• The CNII entities to be certified within 3 years.

Critical National Information Infrastructure is defined as those assets (real and virtual), systems and functions that are so vital to the nation that their incapacity or destruction would have a devastating impact on:

a. National economic strength – Confidence that the nation’s key growth areas can successfully compete in the global market while maintaining favourable standards of living.

b. National Image – Projection of national image towards enhancing stature and sphere of influence.


c. National defence and security – Guarantee sovereignty and independence whilst maintaining internal security.

d. Government capability to function – Maintain order to perform and deliver minimum essential public services.


e. Public health and safety – Delivering and managing optimal health care to the citizen.

Implementation

In line with the Cabinet decision, the Malaysian Communications and Multimedia Commission (MCMC), as the regulator of the communications and multimedia industry, in consultation with the Ministry of Information, Communication and Culture (MICC), has identified eleven (11) critical organizations within the communications and multimedia industry that require ISMS certification within the stipulated timeline. The identified organizations are as follows:

1. Telekom Malaysia Berhad
2. Celcom Axiata Berhad
3. Maxis Berhad
4. Digi Telecommunications Berhad
5. U-Mobile Sdn Bhd
6. Measat Broadcast Network Systems Sdn Bhd (ASTRO)
7. Media Prima Berhad
8. Jaring Communications Sdn Bhd
9. .my Domain Registry
10. NTT MSC Sdn Bhd
11. Time dot Com Berhad

Reporting
All CNII entities or organizations under the communication and multimedia industry will report their ISMS implementation progress to MCMC every quarter. MCMC will then report to the National Cyber Security Coordination Committee (NC3) and the National Cyber Security Advisory Committee (NaSCAC).

Verification
In terms of verification:

a. for CNIIs gazetted as Sasaran Penting, CGSO’s Tim Naziran will check the validity of the reports as well as the actual implementation of ISMS; and

b. for CNIIs identified but not gazetted as Sasaran Penting, MCMC shall request the CNIIs under its purview to provide regular progress reports on ISMS certification.

Enforcement
MCMC, as the governing agency for the communication and multimedia industry, is responsible for ensuring both proper enforcement and accurate reporting of ISMS implementation by the CNII entities under its purview.

Benefits of MS ISO/IEC 27001:2007 Certification
• MS ISO/IEC 27001:2007 is an internationally accepted information security management standard and has been adopted by many public and private sector organizations from various industries.

• It is an auditable standard that will give an assurance to the management of the organization that the appropriate policies, procedures and controls are in place.

• The standard defines a top-down, risk-based and business-driven approach to developing the ISMS.

• Stakeholders can be confident in the commitment of the ISMS-certified company to keeping their information safe. This in turn gives commercial credibility, trust and confidence to the company.

• It improves employee awareness of security issues and of their responsibilities within the organization, because the weakest link in ensuring information security is unavoidably human.

• The regular assessment process helps the organization to continually use, monitor and improve its management and processes.

25/07/2012