Information Security Management System (ISMS) Risk Assessment Review Workshop Series 1/2025

» NEWS » Information Security Management System (ISMS) Risk Assessment Review Workshop Series 1/2025

31 July 2025, Serdang – The Center for Quality Assurance had organized the Universiti Putra Malaysia (UPM) Information Security Management System (ISMS) Risk Assessment Review Workshop Series 1/2025 on 31 July to 1 August 2025. This workshop was held to review the ISMS risk assessment from the March 2025 risk assessment, the findings of the ISMS Internal Audit Year 2025 and the latest changes to the processes and assets involved in the implementation of ISMS by each ISMS team at UPM. In addition, this workshop is also in preparation for UPM in facing the SIRIM ISMS Review 1 Monitoring Audit Year 2025 which will take place on 22 to 26 September 2025. This workshop involves all risk members of each team, namely:

New Graduate Student Registration Team;

Undergraduate New Student Registration Team (Serdang Campus);

New Undergraduate Student Registration Team (UPM Sarawak);

Data Center Team; and

Faculty Undergraduate Teaching Evaluation Team.

This risk review workshop was conducted by Mr. Wan Hafizi Wan Ismail, ISMS Risk Coordinator, UPM and was also assisted by Mrs. Nurainakmal Kamal Bahrin as UPM ISMS Coordinator.

This risk assessment is carried out with the aim of assessing the level of risk of the assets involved in the process, which involves the scope of the ISMS so that the most effective approaches and decisions are identified to provide protection and control over the risks of the assets concerned, based on the Public Sector Information Security Risk Management Guidelines. Updating the UPM MyRAM system is carried out when there are changes or additions to assets within the scope of the ISMS involved. Assets are assessed as either low , medium or high based on the main security characteristics, namely confidentiality , integrity and availability .

Through the risk assessment review of March 2025, a total of 779 assets were assessed with a total threat/risk of 1333. The results of the assessment made in March 2025 recorded 38 risks at a moderate level and 1295 risks at a low level and no risks at a high level. Meanwhile, the results of the risk assessment for the July 2025 review, a total of 802 assets were assessed with a total threat/risk of 1345. The results of the assessment made in July 2025 recorded 40 risks at a moderate level and 1345 risks at a low level and no risks at a high level.

This risk assessment report will be presented at the 2025 ISO UPM Management Review Meeting (MKSP) for the ISO 9001 Quality Management System (QMS) and ISO 27001 Information Security Management System (ISMS) on 19 August 2025. Overall, the objectives of this workshop were achieved and every action taken will be monitored from time to time and relevant changes made if necessary.

News written by : Nurainakmal Kamal Bahrin

Date of Input: 25/09/2025 | Updated: 18/11/2025 | aidawati

MEDIA SHARING

31 July 2025, Serdang – The Center for Quality Assurance had organized the Universiti Putra Malaysia (UPM) Information Security Management System (ISMS) Risk Assessment Review Workshop Series 1/2025 on 31 July to 1 August 2025. This workshop was held to review the ISMS risk assessment from the March 2025 risk assessment, the findings of the ISMS Internal Audit Year 2025 and the latest changes to the processes and assets involved in the implementation of ISMS by each ISMS team at UPM. In addition, this workshop is also in preparation for UPM in facing the SIRIM ISMS Review 1 Monitoring Audit Year 2025 which will take place on 22 to 26 September 2025. This workshop involves all risk members of each team, namely: New Graduate Student Registration Team; Undergraduate New Student Registration Team (Serdang Campus); New Undergraduate Student Registration Team (UPM Sarawak); Data Center Team; and Faculty Undergraduate Teaching Evaluation Team. This risk review workshop was conducted by Mr. Wan Hafizi Wan Ismail, ISMS Risk Coordinator, UPM and was also assisted by Mrs. Nurainakmal Kamal Bahrin as UPM ISMS Coordinator. This risk assessment is carried out with the aim of assessing the level of risk of the assets involved in the process, which involves the scope of the ISMS so that the most effective approaches and decisions are identified to provide protection and control over the risks of the assets concerned, based on the Public Sector Information Security Risk Management Guidelines. Updating the UPM MyRAM system is carried out when there are changes or additions to assets within the scope of the ISMS involved. Assets are assessed as either low , medium or high based on the main security characteristics, namely confidentiality , integrity and availability . Through the risk assessment review of March 2025, a total of 779 assets were assessed with a total threat/risk of 1333. The results of the assessment made in March 2025 recorded 38 risks at a moderate level and 1295 risks at a low level and no risks at a high level. Meanwhile, the results of the risk assessment for the July 2025 review, a total of 802 assets were assessed with a total threat/risk of 1345. The results of the assessment made in July 2025 recorded 40 risks at a moderate level and 1345 risks at a low level and no risks at a high level. This risk assessment report will be presented at the 2025 ISO UPM Management Review Meeting (MKSP) for the ISO 9001 Quality Management System (QMS) and ISO 27001 Information Security Management System (ISMS) on 19 August 2025. Overall, the objectives of this workshop were achieved and every action taken will be monitored from time to time and relevant changes made if necessary.



News written by : Nurainakmal Kamal Bahrin