Objectives of ISMS Implementation
The implementation of the Information Security Management System (ISMS) at IIUM is driven by the following strategic objectives:
i. To Protect Information, Data, and Assets
To ensure that all forms of information—whether digital, physical, or intellectual—are adequately protected against unauthorized access, disclosure, alteration, and destruction. This includes safeguarding sensitive data such as student records, examination materials, research data, and administrative information.
ii. To Comply with ISO/IEC 27001:2022 Standard
To establish and maintain a robust ISMS framework that fully complies with the requirements of ISO/IEC 27001:2022, thereby enabling the university to achieve formal certification and demonstrate adherence to internationally accepted best practices in information security management.
iii. To Improve Data Confidentiality, Integrity, and Availability (CIA Triad)
To strengthen the three core principles of information security:
- Confidentiality – Ensuring that information is disclosed only to individuals, processes, and systems authorized to access it
- Integrity – Maintaining the accuracy and completeness of information, and protecting it against unauthorized or undetected modification
- Availability – Ensuring that information and the systems that hold it are accessible and usable by authorized users when needed
iv. To Foster a Security-Aware Culture
To cultivate a culture of information security awareness and responsibility among staff, students, and stakeholders through continuous training, awareness programmes, and policy enforcement. This includes promoting best practices such as secure password management, phishing awareness, and responsible data handling.
