Introduction

Information Security Management Systems or better known by the abbreviation ISMS which is 'Information Security Management Systems' exist as a result of the rapid growth in the use of information and communication technology (ICT), especially through internet facilities that expose information more widely and allow for intrusions that may result in the leakage of official secret information  and official Government information. If this situation is not controlled, it can cause many bigger problems in the future. In addition, there needs to be a balance between security controls that are too strict to limit the dissemination of service delivery information, with controls that are too loose that can be detrimental to the security or interests of the Public Service and the State.

Recognizing the importance of efforts to ensure ICT security, the Government's ICT Security Policy framework has been drafted based on strong ICT security principles, responsibility for information security, awareness of threats and measures to improve the level of information security. Accordingly, General Circular Number 3 of 2000 has instructed all government agencies to implement Information Security Management Systems (ISMS).

In line with that, UPM implements ISMS to ensure the continuity of information security management by minimizing the impact of ICT incidents so that information is always preserved, quickly retrieved and its security is controlled. The implementation of ISMS is also to facilitate the sharing of information in accordance with the operational needs of the entities involved in UPM. This can only be achieved by ensuring that all ICT assets within the ISMS scope are protected.

UPM is taking steps towards ISMS starting 8th December 2011  at the Infocomm Development Center (iDEC) with the initial scope focusing on the operation of the UPM Data Center including hardware (server and storage), data and information for critical applications as follows:

a.      University Main Website;

b.      Financial Management System;

c.      Human Resources Management System;

d.      Undergraduate Student Information System (SMP); and

e.      Postgraduate Student Information System (iGIMS).

The University Management has appointed Ts. Mohd Faizal Daud from iDEC, UPM as the first ISMS Deputy Management Representative (TWP) on 16th March 2012 to lead the implementation of ISMS at UPM. Then on 17th January 2019, the position of TWP ISMS was assumed by Ts. Krishnan Mariappan. Starting  1st July 2021 until now, Ts. Shahril Iskandar Amir is the new TWP ISMS appointed to replace the former TWP ISMS who has retired.

The First Stage Audit was held on 24th October 2012, followed by the Second Stage Audit on 19-20 December 2012. UPM has successfully passed the audit and obtained ISMS MS ISO/IEC 27001:2007 certification on 4th January 2013.