Role, Responsibility & Authority
Rector
The Rector has roles and responsibilities in matters such as the following:
- Ensure the enforcement of the Policy implementation;
- Ensure that all users understand and comply with the IIUM ICT Security Policy;
- Ensure adequate budget and resources are allocated to support ICT security initiatives, including staffing requirements and development, and adequate cybersecurity protections (awareness, training, cybersecurity equipment and infrastructure) in the University;
- Ensure that risk management and cybersecurity initiatives for the University are implemented as required by the Procedure; and
- Appoint CDO.
Chief Digital Officer (CDO)
The CDO has roles and responsibilities in matters such as the following:
- Assist the Rector in the implementation of ICT Security initiatives;
- Ensure the implementation of ICT security controls within the service delivery system of the University;
- Ensure the ICT security controls are incorporated in the University’s ICT strategic planning;
- Oversee the implementation and coordination of training plans and ICT security awareness programs;
- Formulate and plan risk management and audit related to cybersecurity;
- Responsible for communicating ICT security incidents to the University management; and
- Oversee the development and implementation of the IIUM ICT Security Policy, procedures and guidelines to ensure alignment with best practices and legal/regulatory requirements.
ISMS Steering Committee
The roles and responsibilities of the ISMS Steering Committee are as follows:
- Plan resource requirements related to the ISMS activities;
- Monitor the effectiveness of the ISMS implementation periodically;
- Approve any proposed documentation;
- Make any amendments to the ISMS scope of the Policy;
- Review and verify reports from ISMS Task;
- Recommend implementation of ISMS awareness and training;
- Review the ISMS scope;
- Review the criteria of risk acceptance, level of risk and risk treatment plan; and
- Review the procedure for internal audit.
IT Security Officer (ICTSO)
The roles and responsibilities of the appointed ICT Security Officer (ICTSO) are as follows:
- Enforce the IIUM ICT Security Policy to all users in the University;
- Establish and review guidelines and procedures in accordance with the IIUM ICT Security Policy;
- Coordinate and oversee the comprehensive ICT security initiatives;
- Implement the cybersecurity controls/action plan addressed in risk management for cybersecurity;
- Implement cybersecurity audits based on the cybersecurity controls/action plan;
- Issue alerts to the IIUM campus community regarding potential threats like viruses, and provide advice on protective measures;
- Disseminate information and raise awareness about the IIUM ICT Security Policy to all users;
- Report on ICT security incidents to the Incident Manager, IIUM ICT Computer Security Incident Response Team (CSIRT) and inform the ITD Management, ITD Director and the CDO;
- Report any ICT security-related matters or discoveries to the ITD Management;
- Collaborate with relevant parties to identify the source of threats or security incidents and promptly implement ICT remedial measures; and
- Plan and implement cybersecurity trainings and awareness programs.
ISMS Working Committee
The roles and responsibilities of the ISMS Working Committee are as follows:
- Ensure compliance with the ISO/IEC 27001:2022 ISMS standard.
- Identify resources needed to implement ISMS effectively.
- Assign roles and responsibilities for ISMS implementation.
- Identify Information Security Risks.
- Implement the Risk Mitigation Plan.
- Implement the required security controls based on ISO/IEC 27001:2022 Annex A.
- Conduct the ISMS awareness and training programmes.
- Implement corrective actions, preventive actions and improvements to address non-conformities within the ISMS.
- Engage in ISMS training, workshops and auditing activities.
Document Controller
The roles and responsibilities of Document Controller are as follows:
- Responsible for endorsing, managing, controlling, and maintaining all Information Security Management System documents and records in compliance with the standard’s requirements.
- To ensure that all policies, procedures, guidelines, and records are properly developed, reviewed, approved, updated, distributed, stored, and securely disposed of in a systematic and controlled manner.
- Responsible for administrative control of ISMS records, including registration, reference numbering and maintenance of records.
ISMS Coordinator
The roles and responsibilities of ISMS Coordinator are as follows:
- To carry out administrative work such as ISMS documentation and meetings at KCDIOM.
- To assist the Document Controller in synchronizing all ISMS documentation.
- To coordinate, monitor and oversee ISMS record management to ensure compliance with ISMS requirements.
Risk Management Officer
The roles and responsibilities of Risk Management Officer are as follows:
- Responsible for management of Risk Register.
- To propose and validate how each risk is to be handled, based on the Risk Treatment Plan.
Risk Owner
The roles and responsibilities of Risk Owner are as follows:
- Responsible officer with accountability and authority to manage a specific risk.
- Responsible for making decisions regarding risk treatment (mitigate, transfer, accept, or avoid) and for ensuring that action plans are implemented to minimize negative impacts.
Internal Audit Team
The roles and responsibilities of Internal Audit Team are as follows:
- Responsible for conducting internal audits periodically.
- Responsible for reviewing processes and procedures, assessing compliance with ISMS standards and regulations, evaluating risks and developing recommendations to improve risk management.
