27th February 2025, Serdang – Documentation Section, Office of the Deputy Director of Service Quality Assurance, Quality Assurance Centre, is currently refining the Statement of Applicability (SOA) document for the Information Security Management System (ISMS) from MS ISO/IEC 27001:2013 to MS ISO/IEC 27001:2022. This workshop was held on 27 January 2025 at the Putra Learning Space, Universiti Putra Malaysia, following a previous workshop held on 12 December 2024. A total of 19 participants attended this workshop, consisting of the ISMS Team Leaders, who are also members of the ISMS Working Committee, Universiti Putra Malaysia.
The objective of this workshop was to refine and validate the applicable documents in line with the new ISMS standard MS ISO/IEC 27001:2013 and MS ISO/IEC 27001:2022. One of the key changes discussed was the revision of the Statement of Applicability (SOA), where the previous standard included 114 controls, while the new standard has reduced the number to 93 controls. These are categorized into four (4) main control types: Organizational Controls, People Controls, Physical Controls, and Technological Controls. Each team held discussions in small groups and provided the latest information as required.
Throughout the workshop, a cross-checking process was conducted by each ISMS team/entity, and the reference documents were updated in accordance with the determined Statement of Applicability. Overall, participants provided feedback on the effectiveness of the workshop, rating it on a scale of 4 to 5. As a result of this workshop, the ISMS Secretariat, UPM will organize a risk assessment workshop using the newly enhanced or updated risk assessment system, MyRAM.

Date of Input: 28/03/2025 | Updated: 28/03/2025 | aidawati