Information Security Certification Body

Expanding and demonstrating professional expertise from encounters with new experiences and an endlessly changing horizon…

Information Security Certification Body or ISCB is a department within CyberSecurity Malaysia that manages certification services focusing on the information security. ISCB provides certification services against international standards and guidelines.


Click for more information


Among the certification services are:




MyCC Scheme



Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme is a systematic process for evaluating and certifying security functionality of ICT products based on defined criteria or standards. This scheme ensures high standards of competence and impartiality as it is based on the international standards of ISO/IEC 15408 which is known as Common Criteria (CC).





Information Security Management System (ISMS) Audit and Certification - CSM27001 Scheme



CyberSecurity Malaysia Information Security Management System (ISMS) Audit and Certification (CSM27001) Scheme is an audit and certification services offered to the organizations based on the ISO/IEC 27001 standard. It identifies data security breaches and reduces information security risks in an organization. Effective ISMS ensures organizational confidentiality, integrity and availability of information, thus, achieve business efficiency and minimise business loss.





Business Continuity Management System (BCMS)



BCMS Certification Scheme is a service offered to various organizations which envision resiliency based on the ISO 22301 international standard. It helps to plan an effective business continuity management to protect, reduce and ensure business recovers from disruptive incidents.






Technology Security Assurance (TSA)



Technology Security Assurance (TSA) is a national scheme specially developed for product evaluation and certification. It is MyCC fast-track which includes security evaluation, certification and assurance maintenance. The Security Functionality Testing and Penetration Testing evaluate local ICT products to identify vulnerability and assist organizations to understand and improve its security features.





Penetration Test Service Provider (PTSP)



Penetration Test Service Provider (PTSP) is a national scheme provided to the local penetration testing service providers and organizations that require penetrating test services. The service encourages local cybersecurity industries’ development and competitiveness to ensure organizational ethics are practiced according to guideline and best practices.