Local information security standard
24th May 2004 (Computimes)
By Shyla Sangaran

SIRIM QAS International Sdn Bhd will introduce a local standard for information security management.

The move by the subsidiary of Sirim Bhd is intended to provide the private sector with a basis for developing organisational security standards and effective security management practice.

Its standards general manager Rajinder Raj said the draft had already been approved by the Science, Technology and Innovation Ministry and was in the midst of being published.

He said with the standard in place the private sector would have local guidelines besides the ISO 17799, which is an internationally recognised information security management standard.

"We have totally adopted the ISO 17799:2000 standard, which is equivalent to the BS 7799-1:1999, as a Malaysian standard called the MS ISO 17799:2002 standard," Rajinder told Computimes.

Sirim has also adapted the BS 7799-2:1999 and converted it to become the MS 1537:2002 standard. Recently, it also revised the MS 1537:2002 and adapted the BS 7799-2:2002 to become MS 1537 (First Revision).

In a related development, Sirim is carrying out a pilot programme on an Information Security Management System (ISMS) Certification scheme where the audits are carried out against the BS 7799-2:2002.

Within the pilot, a preliminary audit to assess the adequacy of the organisation's ISMS documents, and a compliance audit to assess whether the organisation has implemented the ISMS in compliance with the BS 7799 and the organisation's procedures, will be carried out.

Rajinder said Sirim QAS is working very closely with the National ICT Security and Emergency Response Centre (Niser) for technical consultancy during the pilot programme of the ISMS certification scheme.

He added that the company also plans to apply for accreditation from the UK Accreditation Service (UKAS), the UK national accreditation body, for the ISMS certification scheme.