FREQUENTLY ASKED QUESTION | CENTRE FOR QUALITY ASSURANCE (CQA)

FREQUENTLY ASKED QUESTION

INFORMATION SECURITY MANAGEMENT SYSTEMS (ISMS)
1
What are the new changes contained in the application/compliance with the ISO/IEC 27001:2022 standard?

The new changes contained in the ISO/IEC 27001:2022 standard are:
a) 11 clauses
b) 93 Annex A controls
c) 4 sections in Annex A

A summary of the requirements in the latest standard involves:
1. Clause 4.2(c) Requirements of interested parties to be addressed through the ISMS
2. Clause 6.3 Planning of Changes
3. Clause 8.1 Establishing criteria for processes and implementing control for them
4. Clause 9.3.2(c) Management review input - changes in needs and expectations of the interested parties

The 11 new Annex A controls are:
A.5.7 Threat intelligence
A.5.23 Information security for use of cloud services
A.5.30 ICT readiness for business continuity
A.7.4 Physical security monitoring
A.8.9 Configuration management
A.8.10 Information deletion
A.8.11 Data masking
A.8.12 Data leakage prevention
A.8.16 Monitoring activities
A.8.23 Web filtering
A.8.28 Secure coding

2
What is the scope involved in ISO/IEC 27001:2022 at UPM?

The scope involved in ISO/IEC 27001:2022 at UPM is:

1. Information Security Management System for the Undergraduate New Student Registration Process, which includes activities from offer review to residential college registration, except course registration and new undergraduate student registration entry activities for:
   i) Distance Learning;
   ii) Executive Programs; and
   iii) International.
2. Information Security Management System for the Undergraduate Teaching Evaluation Process at Faculty.
3. Information Security Management System for the New Full-Time Graduate Student Registration Process, which covers activities from Acceptance of Offer to Confirmation of Registration. Excluded from the scope of ISMS certification for New Graduate Student Registration is the process of new graduate student registration for:
   i) Distance Learning; and
   ii) Non-graduating programs.

    3
    How is the ISMS risk assessment carried out?

    The ISMS risk assessment at UPM is carried out based on the Information Security Risk Management Guidelines (General Circular Number 3 of 2024). The approach follows the risk assessment process guidelines, starting from the step of Establishing Group Members to Step 10, which is Risk Calculation. The steps are related to each other because the input for a risk assessment activity can be taken from the output of previous steps. The risk assessment uses the previous myRAM system, which has been modified into myRAM UPM to suit the agency. The link to myRAM UPM is https://myram.upm.edu.my/


    ADMINISTRATION MANAGEMENT STAR RATING
    4
    Where can information regarding the UPM Quality and Service Innovation Day (HKIP) organised by the Quality Assurance Centre (CQA) as well as the evaluation/competition criteria for the Awards/Prizes contested by all UPM HKIP Leaders and the UPM Administrative Management Star Rating be referred to?

    Information related to UPM's Service Quality and Innovation Day (HKIP) and UPM's Administrative Management Star Rating can be found on the UPM eISO Portal (https://eiso.upm.edu.my/) under the link 'QUALITY CULTURE PROGRAM'.

    5
    What components are assessed for the UPM Administrative Management Star Rating for the year 2025/2026?

    There are 3 Main Components that are assessed, namely the Management Component, Transformation Component and Customer Management Component, with details as follows:

    1. Management Component (60%) - covers the following 6 sub-components:
        a. Accountability Index - 10%
        b. Human Resources - 10%
        c. Occupational Safety and Health Management - 10%
        d. Website Management - 10%
        e. Quality Management - 10%
        f. Citra Putra (KPI/Functional & Level Action Plan) - 10%

    2. Transformation Component (30%) - calculation based on the highest 3 scores for any of the following sub-components:
        a. Implementation of Innovation in Services (taking into account the KIK/Service Innovation/Lean Management approach) - 10%
        b. Implementation of Workplace Environment Quality (EKSA Practices) - 10%
        c. Industry Networking / Community Networking - 10%
        d. Green Sustainability - 10%
        e. Digital Transformation - 10%

    3. Customer Management Component (10%) - covers the following 3 sub-components:
        a. Customer Satisfaction Survey - 4%
        b. Customer Charter - 4%
        c. Customer Feedback Management - 2%

    6
    What is meant by UPM Administrative Management Star Rating?

    UPM Administrative Management Star Rating is a rating indicator developed to assess the achievements and performance of PTJ from the management and administration aspects in improving the quality of effective service delivery.


    PUBLIC SECTOR CONDUCIVE ECOSYSTEM (EKSA)
    7
    What is meant by the Public Sector Conducive Ecosystem (EKSA) and how does it differ from 5S Practices?

    EKSA is a rebranding of the 5S Practices that have been used in the public sector since 2010. The main components in the implementation of EKSA are still based on the improved 5S Practices, together with several new elements. EKSA is not intended to replace the 5S concept that was practiced previously, but rather to improve the 5S elements by supporting the creation of a more conducive work environment. The 5S Practices are improved by adding five new elements to EKSA.

    8
    What are the elements contained in the Public Sector Conducive Ecosystem (EKSA)?

    The main components in the implementation of EKSA are based on the 5S Practice (Sort, Set in Order, Sweep, Uniform and Always Do Good) and improved with the addition of five (5) new elements, namely:

  • Corporate Image
  • Creativity and Innovation
  • Green Practices
  • Conducive Environment
  • Agency Diversity

    9
    When did UPM start implementing the Public Sector Conducive Ecosystem Practices (EKSA) and what are the components of EKSA involved at UPM?

    The 694th University Management Committee (JPU) meeting on 29 January 2020 approved the rebranding of the implementation of UPM's 5S Quality Environmental Practices to the Public Sector Conducive Ecosystem (EKSA) starting in 2021. Notification regarding this matter was made to all Heads of PTJ via a letter dated 13 February 2020. However, the Covid-19 pandemic that hit the country in 2020/2021 affected the planning of the transition process. Accordingly, the Quality Assurance Center resubmitted an information paper to the Public Prosecutor's Office to extend the transition period until June 2022. CQA also held a meeting on 16 March 2022 with PTJs that had not yet implemented the transition, to ensure that PTJs are involved in implementing the transition within the specified time period.

    The EKSA components involved are:
    A. Main Implementation Requirements
    B. Workplace/Office Space
    C. Public Places
    D. Environmental Safety
    E. Office Surrounding Areas
    F. Specific Places (as appropriate to the Agency)

    10
    Are there any award programs/activities for PTJs that have implemented the Public Sector Conducive Ecosystem (EKSA) and how is the evaluation carried out?

    The Center for Quality Assurance organizes the UPM Quality and Innovation Day once every two years. It takes into account component 2 (Transformation) of the PTJ Star Rating, in which Workplace Quality Implementation (EKSA) carries 10% of the marks, and awards the UPM Workplace Environment Quality Award according to four (4) PTJ categories, with evaluation made for First, Second and Third place. The EKSA evaluation rubric/criteria can be accessed on the website https://eiso.upm.edu.my/


    SELF-ACCREDITATION
    11
    What is self-accreditation?

    Self-accreditation is a certification given by the Malaysian Qualifications Agency (MQA) to Higher Education Providers (HEPs) that have a strong and robust internal quality assurance system that meets the set standards.

    12
    What is the importance of self-accreditation to UPM?

    From the 'autonomy' aspect, UPM has autonomy in handling the quality assurance process (accrediting) of UPM's academic programs. Meanwhile, in terms of 'savings', without autonomous power, UPM needs to submit an accreditation application through MQA which involves a cost of RM 10 thousand for a non-medical program. From the 'flexibility' aspect, UPM has flexibility in handling and complying with policies.

    13
    What is UPM's academic internal quality assurance (IQA) system?

    UPM IQA involves monitoring quality assurance at the faculty and university levels. The University IQA consists of the University Curriculum Sub-committee Meeting, the University Curriculum Committee Meeting, the Study Program Self-Accreditation Committee Meeting, the Senate Meeting and the LPU Meeting, while the Faculty IQA involves Department Meetings, Faculty Curriculum Committee Meetings and Faculty Meetings.


    PROGRAMME ACCREDITATION
    14
    When do programme owners need to conduct Provisional Accreditation assessments and Full Accreditation assessments?

    Provisional Accreditation Assessment is an initial assessment to determine whether a program has met the minimum quality requirements for Full Accreditation before the academic program can be offered. The assessment must be carried out after a new program proposal has been approved by JKKU (undergraduate program) or JKPSU (graduate program). After obtaining approval for the Provisional Accreditation assessment, the program proposal is then presented at the University Senate Meeting. Full Accreditation Assessment is an assessment of a new program that has been approved for Provisional Accreditation and must be obtained no later than 12 months before the first cohort of students graduate.

    15
    How can Faculties/Schools check the latest status of the accreditation implementation of the programmes offered?

    Faculties/Schools can check the accreditation status of study programs on the UPM e-ISO portal/Self-Accreditation/Program Audit (COPPA) at the link https://eiso.upm.edu.my/action.staf?view=swaakreditat_Audit%20Program_COPPA  


    MALAYSIAN QUALIFICATIONS REGISTER (MQR)
    16
    What does it mean for a program to be registered in MQR?

    Programmes registered in the Malaysian Qualifications Register (MQR) are programmes that have gone through the accreditation process by MQA and are recognized in terms of quality and qualifications.

    17
    When does a programme need to be registered in the MQR?

    Registration of the programme in the MQR must be done once the program has obtained Full Accreditation from the Study Programme Self-Accreditation Committee (JKSPP) and has received a certificate of approval for the program audit by the UPM Senate. The Full Accreditation assessment process must be completed before the first cohort of students graduate. This registration is important to ensure that the programme qualifications are recognized and enable graduates to receive official recognition from the Malaysian Qualifications Agency (MQA).

    18
    Who is responsible for managing program registration in MQR?

    The Programme Data Section, Centre for Quality Assurance (CQA), is responsible for managing applications for programme registration in the Malaysian Qualifications Register (MQR). However, applications will only be processed after complete supporting documents have been received from the relevant faculty/school.

    19
    What are the consequences if a programme is not registered in the MQR?

    If a programme is not registered in the Malaysian Qualifications Register (MQR), the main consequences are:

  • The qualification is not officially recognised by the Malaysian Qualifications Agency (MQA), even if the student has graduated.
  • Students cannot verify their qualifications for employment purposes, professional registration or further studies.
  • Affects the reputation of the institution and the credibility of the academic programme.
  • Faculties/Schools are not allowed to recruit new students for the next session.

    Registration in the MQR is very important to ensure that the quality and qualifications of a programme are legally recognised.

    20
    Where can I check the list of UPM programmes in MQR?

    The list can be checked on the official Malaysian Qualifications Register website (www2.mqa.gov.my/mqr).


    QUALITY MANAGEMENT SYSTEM (QMS)
    21
    Why is ISO document management important at UPM and how is it implemented?

    Document Management is important because it is one of the requirements in MS ISO 9001:2015 (Clause 7.5) namely:

    a) documented information required by this International Standard;
    b) documented information determined necessary by the organization for the effectiveness of the quality management system.

    UPM has determined that the control of ISO documents is the responsibility of the Quality Assurance Center, which is managed by the UPM Document Control Coordinator and assisted by the Deputy Document Control Coordinator appointed for each PTJ at UPM. Guidelines for the Preparation of ISO Documentation have been prepared and can be accessed via https://eiso.upm.edu.my/

    The ISO documentation report will be presented at the Quality Committee Meeting and Management Review Meeting (MKSP) as scheduled each year.

    22
    Why does an internal audit need to be conducted and can PTJ be exempted from Internal Audit?

    Internal audits are carried out to meet the requirements of the Quality Management System (QMS) (ISO 9001) and Information Security Management System (ISMS) (ISO/IEC 27001) standards by checking whether they are in line with planning, monitored and implemented properly and effectively.

    Any Non-Conformity Report (NCR) and Opportunity for Improvement (OFI) are reported during the audit. Findings, whether NCR or OFI, from previous audits will be reviewed and re-examined during the current audit to ensure the effectiveness of the corrective actions taken. PTJ cannot be exempted from internal audits if PTJ is listed in the scope of certification and this is to meet the requirements of the standard.

    23
    What is an audit by a certification body and how is the audit carried out?

    A certification body audit is an important process in which UPM undergoes inspection by a third-party accredited auditor, SIRIM QAS International, to ensure that UPM complies with the standards set by the ISO 9001 and ISO/IEC 27001 management systems, and to verify and certify that UPM has reached the set level and obtained certification. Audits are conducted once a year and PTJ samples are selected by the certification body according to rotation and needs.

    24
    What are the risks and why do all PTJs need to register and assess the risks of their operations?

    Risk is the probability of a threat or disaster occurring that could impact the continuity of service operations and thus affect the ability of an organization to achieve its vision, mission, objectives or goals. The risk assessment is based on the requirements of the ISO 9001:2015 Quality Management System (QMS) Standard, clause 6.1 Actions to identify risks and opportunities.


    CQA ADMINISTRATIVE
    25
    How do I book a meeting room at CQA?

      Bookings can be made via the link https://forms.gle/TTUvWohPoGJCXJJK6  

    26
    What is the official channel for feedback or suggestions to CQA?

    Any feedback, suggestions or appreciation can be made via the link https://docs.google.com/spreadsheets/d/17Gsb7eS1eRo0v_NaRxSBjJ2UU5pYE6OeTZOISqSFU_8/edit?usp=sharing   

    27
    Who should I contact to book a meeting room at CQA?

    Please contact the Administration Section at 03-9769 7697 or visit the website https://cqa.upm.edu.my/organisasi/senarai_staf-10473  

    Updated: 01/12/2025 [aidawati]

    CENTRE FOR QUALITY ASSURANCE (CQA)
    Universiti Putra Malaysia
    43400 UPM Serdang
    Selangor Darul Ehsan
    03-9769 1508
    03-9769 1489