Jabatan Perkhidmatan Awam Annual Report 2018
others:

• Holding a few improvement activities before facing an audit session. The activities implemented include a risk management workshop, a document proofreading workshop, and internal as well as external audit sessions. The relevant activities will be aligned by the Pasukan Pelaksana ISMS, BPMS & INTAN.
• An internal audit session involving 10 trained auditors who have been assigned to perform the audit in BPMS and INTAN. This audit session is also conducted at least once before an external audit session is conducted. The findings of the audit will be communicated to the ISMS Pelaksana Team, BPMS & INTAN so that improvements/corrections can be implemented before an external audit session is performed.
• An external audit session will be conducted together with a certified body, which will issue ISO/IEC 27001:2013 certification to JPA for having successfully complied with the ISO/IEC 27001:2013 standard. This audit session is also known as a monitoring audit for agencies, to monitor and ensure that agencies remain compliant and implement continuous improvements.

The ISMS Proofreading Document Workshop was an activity held early in the year, on 19-21 February 2018. This activity is to ensure that documents relating to ISMS and the developed SOP match the current work processes being run while adhering to the ISMS certification requirements. The selection of participants is based on the involvement of the officers in the JPA ISMS implementation scope. A total of 27 participants were involved, from various position grades (TP, KPP, PP and PPTM) in BPMS and i-MATEC, INTAN. Workshop activities are conducted in discussion groups, with reference to the documents under the supervision of each sector group.

Risk Assessment conducted by BPMS & INTAN is based on the assets involved in the certification scope. The Risk Assessment workshop was held on 6-8 March 2018 to identify the level of risk for each asset as well as to set the appropriate control to reduce the risk on the relevant asset. The assessment is carried out using the MyRAM System App, which is supervised and monitored by MAMPU. 30 persons from Pasukan Pelaksana ISMS, BPMS & INTAN were involved in making the activity a success.

An ISMS Awareness Workshop was also held on 28 June 2018 to ensure that the level of awareness of the officers involved in the ISMS scope in BPMS and INTAN, Bukit Kiara is at a satisfactory level, as well as to meet one of the requirements of the ISMS and maintain the existing ISMS. The workshop briefing is divided into two (2) sessions: i) Background & ICT Security; and ii) ISMS & ISMS Implementation in JPA. In this workshop, all participants also take part in ISO/IEC 27001:2013 quiz activities to test the participant’s understanding before and after the briefing. In addition, participants are involved in group discussion sessions.

The SIRIM Audit Session for ISO/IEC 27001:2013 recertification was also held on 18-20 September 2018 with the involvement of 3 auditors from SIRIM, led by Puan Noridah binti Yahya. A total of 2 auditors were placed in BPMS, whereas one was placed in INTAN. The audit findings were:

• Audit was performed by trained internal auditors;
• All processes related to ISMS and security control 113 in BPMS and security control 114 in INTAN were performed according to the standard’s requirement; and
• Increased level of understanding and awareness of the importance of information security system

JPA obtained recertification on 11 October 2018 for the 3rd year of certification. The certification period runs from 11 October 2018 to 9 October 2021.