Scope of standards?
Information Security Management Systems (ISMS)

What does certifying to the standard mean?
An organisation that certifies to the standard has established a systematic approach to protecting sensitive information from a wide range of threats, in order to ensure business continuity, minimise business damage from attacks, leakages and natural disasters, and maximise return on investment and business opportunities. It encompasses people, processes and information technology systems. In the context of this standard, the term "information" includes all forms of data, documents, messages, communications, conversations, recordings and photographs.

Who should apply?
Any organisation of any size

Standards used?
(ISO/IEC 27001:2005, IDT)
*ISO/IEC 27001:2013 was published in October 2013. Visit www.iso.org for further details.
*The MS ISO/IEC 27000 family of standards on Information Security Management is also available for further reference. Please visit www.msonline.gov.my to get your standards. More ISO/IEC 27000 family standards are available at www.iso.org.

Certification cycle?
Certification process and cycle

How to apply?
The list of certification bodies accredited by Standards Malaysia can be accessed through the following URL
*The URL may change from time to time. Please refer to Standards Malaysia's website at www.jsm.gov.my should the URL not work.

Benefit of certification

ISMS made simpler
Clause 4 – ISMS Requirements
Clause 5 – Management Requirements
Clause 6 – Internal Audits
  Establish an internal audit procedure and conduct audits as planned
Clause 7 – Management Review
  Conduct management review meetings to evaluate the effectiveness of the ISMS by assessing the review inputs and by ensuring that the review outputs include the decisions and actions required to improve the ISMS
Clause 8 – Measurement, analysis and improvement
**Disclaimer: The interpretation may vary with the specific situation, scope and environment. This document is to be used as a guideline and general overview of complying with the standard. Guidance and assistance from trained resources are required to ensure proper interpretation and implementation of the standards.