Insurance Services Malaysia Berhad (ISM), a shared services provider for the insurance and Takaful industry in Malaysia, announced yesterday its certification of ISO/IEC 27001:2005 through its deployment of Datacraft’s IT solutions.
ISO/IEC 27001:2005 is the recognised international standard to assure the confidentiality, integrity, and availability of the information assets of an organisation. This assurance is attained through controls that are created and maintained by corporate management. The standard requires that information security in 11 specific areas is addressed, including Human Resources Security, Physical and Environmental Security, Communications and Operations Management, Information Security Incident Management, Business Continuity Management, and Compliance.
Awarded by SIRIM QAS International Sdn. Bhd, this certification marks ISM as the first Malaysian organisation to be certified for the entire operations of the company.
“Our information is ISM’s most valuable asset. Potential threats arise from both external and internal sources and can manifest as stolen intellectual property, denial of service to customers, unauthorized usage of critical resources, and malicious codes that alters or destroys valuable data,” said Carl Rajendram, CEO, ISM Insurance Services Malaysia Berhad.
“We decided to achieve the ISO/IEC 27001:2005 certification to ensure that, as a new organization whose primary asset is its vast insurance and takaful databases, a framework of continuous improvement of information security management was put in place.”
ISM was setup by the insurance and takaful industry in Malaysia in 2004. Takaful is an Islamic insurance concept which is grounded in Islamic muamalat (banking transactions), observing the rules and regulations of Islamic law. ISM provides database related services to enhance the competitiveness and efficiency of insurance and Takaful companies. These services include actuarial, statistical, information technology, anti-fraud, research and development.
“Datacraft kicked-off the project by establishing a steering committee to conduct a risk assessment map and develop a treatment plan, as well as a statement of applicability,” said Matthew Gyde, general manager, Security Solutions of Datacraft Asia.
“Following this, we were tasked to implement the work which involved developing policies and procedures, along with conducting security and awareness training for members and employees that was specifically customized to ISM's needs.”
The partnership between ISM and the Singapore based Datacraft will be ongoing via reviews and continuous monitoring to maintain the certification process.
“Datacraft will assist ISM by performing audits to ensure compliance with new security policies, that all documentation is in place for audits by SIRIM and developing a security metrics and measurement program to help ISM further improve their information security management system,” said Gyde.
“This initiative has yielded not only benefits for ISM but also the insurance and Takaful industry, culminating in the first Insurance & Takaful Information Security Seminar held today.
“By increasing information security awareness among the insurance and Takaful community we hope that we can transform and create a more conducive environment for greater adoption of information technology in the industry,” added Rajendram. |
