Did you know?

'Klik Dengan Bijak' is the programme designed to inculcate the culture of positive use of the Internet that is based on the 


principles of the Rukun Negara amongst Malaysian users.

The logo or tagline used serves as a reminder to users to be careful and to think before they access and use the Internet.

The National Postal Strategy sets out a roadmap for the Malaysian postal and courier sector 

to maintain the relevance of the sector in the overall development of the nation.

Register of Assignments

Magic Map

Want to know what's around you? Check out Magic Map

Event Calendar

  • MCMC
  • KKMM
  • MCMC Regional
  • Public Holidays

Frequently Asked Questions

Frequently Asked Questions

Why the need for certification?
Direction from the Malaysian Government requires the CNIIs to implement adequate security measures to ensure that the delivery of critical services and products are not disrupted because of problems with the information assets and information systems that are used to manage, control or deliver such services and products.

Is my organization a CNII entity?
If the services or products delivered to the public and the nation fall under the description explained as Critical Services or Products. The Critical Services or Products are those that are delivered to the external organization or the organization’s consumers and satisfy the critical services or product availability needs of the external organizations or consumers i.e industry, public, the economy and the nation. This external organization or consumers may be other CNII entities.
However intra-services or products, i.e services from one department that serves other departments in the same organization e.g. Human Resources, Procurement and Finance, are NOT considered critical UNLESS those intra-services or products delivered to the external organization.

What is the difference between Adopting, Complying and Certified ISMS?
The terms adoption, compliance and certification or certified has occasionally been used interchangeably and warrants clarification in order to ensure that all the parties involved have the same understanding.
If an organization claims that it is Adopting ISMS, it is merely a statement of intent of that organization expresses. It does not necessarily mean that the organization has actually implemented ISMS or in the process of implementing ISMS.
If an organization claims that it is Complying to ISMS, it is a statement of claim that it is adopting and has implemented ISMS. It does not mean that its implementation is ‘really’ in compliance as verified by an independent party.
If an organization claims to have been Certified ISMS, it means that an accredited certifying body has independently certified the organization’s ISMS implementation to the satisfaction of the standard.

What scope of the organization’s ISMS implement needs to be reported to MCMC?
An organization may implement one or more ISMS covering different scopes. These ISMS may be implemented concurrently or in sequence and some of the deliverable documents may be applicable across ISMS boundaries.
In brief, the scope of ISMS and the progress of the ISMS implementation that must be reported to MCMC are those that cover the delivery of critical services and products.

What sorts of disruptions to services are considered critical?
In general points to assist CNII entities:-
a. The interruption is immediate and no gradual or deferred or delayed,

b. The services performance level deteriorates significantly from the norm,

c. The quality of service deviates from the normal or acceptable quality of services, and

d. The impact of disruption or compromise has significant and noticeable effect to industry or commerce, government operations, image, safety or defence.

Will MCMC Fund the Cost of ISMS Implementation?
ISMS implementation is similar to the Quality Management System (QMS) in many respects. Essentially it is aimed to benefit the organization in its operations. Both the management systems (ISMS and QMS) will result in a verified and auditable process that will give assurance to the Management of the organization that the appropriate policies, procedures, and controls are in place.
In line with good Corporate Governance therefore, it is expected that the entity will take the necessary steps to ensure that ISMS is in place for the good of the organization.

MCMC will provide CNII entities under purview with training, workshop and seminar initiative in supporting government decision on the ISMS certification.

SKMM Contact

Network Security Management Department
Malaysian Communications and Multimedia Commission
MCMC Tower 1
Jalan Impact, Cyber 6
63000 Cyberjaya
Selangor DarulEhsan

Tel: +603-8688 8000
Fax: +603-8688 1003

Share this article


It is the quality of the human capital that will determine if we can meet our aspirations of achieving a high value, and high income, economy by 2020. As we progress towards becoming a developed nation, we must do our part to equip fellow Malaysians with the skills and knowledge to succeed as a productive member of the knowledge-led economy.

Associate Links :

The listed links are for MCMC Staff ONLY


Malaysians are now more exposed to the various media platforms than in previous years. As the authority and custodian of the Communications and Multimedia Act 1998, Postal Services Act 2001 and Digital Signature Act 1997, the Commission’s functions and responsibilities are becoming increasingly more apparent and significant.

Back To Top