{"id":13406,"date":"2026-03-30T13:42:17","date_gmt":"2026-03-30T13:42:17","guid":{"rendered":"https:\/\/division.iium.edu.my\/itd\/?page_id=13406"},"modified":"2026-03-30T13:56:35","modified_gmt":"2026-03-30T13:56:35","slug":"isms-roleresponsibilityauthority","status":"publish","type":"page","link":"https:\/\/division.iium.edu.my\/itd\/isms-roleresponsibilityauthority\/","title":{"rendered":"ISMS &#8211; Role, Responsibility &amp; Authority"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"13406\" class=\"elementor elementor-13406\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1db77e6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1db77e6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c66316a\" data-id=\"c66316a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0aed41f elementor-widget elementor-widget-heading\" data-id=\"0aed41f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Role, Responsibility &amp; Authority<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1f59c8a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1f59c8a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div 
class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-365eb4f\" data-id=\"365eb4f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-15cbeec elementor-tabs-view-horizontal elementor-widget elementor-widget-tabs\" data-id=\"15cbeec\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"tabs.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-tabs\">\n\t\t\t<div class=\"elementor-tabs-wrapper\" role=\"tablist\" >\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-2281\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-2281\" aria-expanded=\"false\">Rector<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-2282\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2282\" aria-expanded=\"false\">Chief Digital Officer (CDO)<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-2283\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2283\" aria-expanded=\"false\">ISMS Steering Committee<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-2284\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2284\" aria-expanded=\"false\">IT Security Officer (ICTSO)<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-2285\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" 
data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2285\" aria-expanded=\"false\">ISMS Working Committee<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-2286\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2286\" aria-expanded=\"false\">Document Controller<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-2287\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"7\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2287\" aria-expanded=\"false\">ISMS Coordinator<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-2288\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"8\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2288\" aria-expanded=\"false\">Risk Management Officer<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-2289\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"9\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2289\" aria-expanded=\"false\">Risk Owner<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-22810\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"10\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-22810\" aria-expanded=\"false\">Internal Audit Team<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"elementor-tabs-content-wrapper\" role=\"tablist\" aria-orientation=\"vertical\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-2281\" aria-expanded=\"false\">Rector<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-2281\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" 
role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-2281\" tabindex=\"0\" hidden=\"false\"><p><span style=\"color: #000000;\">The Rector has roles and responsibilities in matters such as the following:<\/span><\/p><ul><li><span style=\"color: #000000;\">Ensure the enforcement of the Policy implementation;<\/span><\/li><li><span style=\"color: #000000;\">Ensure that all users understand and comply with the IIUM ICT Security Policy;<\/span><\/li><li><span style=\"color: #000000;\">Ensure adequate budget and resources are allocated to support ICT security initiatives, which includes staffing requirement and development, and adequate cybersecurity protections (awareness, training, cybersecurity equipment and infrastructure) in the University;<\/span><\/li><li><span style=\"color: #000000;\">Ensure risk management and cybersecurity initiatives for the University are implemented as required by the Procedure; and<\/span><\/li><li><span style=\"color: #000000;\">Appoint CDO.<\/span><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2282\" aria-expanded=\"false\">Chief Digital Officer (CDO)<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-2282\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"2\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-2282\" tabindex=\"0\" hidden=\"hidden\"><p><span style=\"color: #000000;\">The CDO has roles and responsibilities in matters such as the following:<\/span><\/p><ul><li><span style=\"color: #000000;\">Assist the Rector in the implementation of ICT Security initiatives;<\/span><\/li><li><span style=\"color: #000000;\">Ensure the implementation of ICT security controls within the service delivery system of the University;<\/span><\/li><li><span style=\"color: #000000;\">Ensure the ICT security controls are incorporated in the University\u2019s ICT strategic 
planning;<\/span><\/li><li><span style=\"color: #000000;\">Oversee the implementation and coordination of training plans and ICT security awareness programs;<\/span><\/li><li><span style=\"color: #000000;\">Formulate and plan risk management and audit related to cybersecurity;<\/span><\/li><li><span style=\"color: #000000;\">Responsible for communicating ICT security incidents to the University management;<\/span><\/li><li><span style=\"color: #000000;\">Oversee the development and implementation of IIUM ICT Security Policy, procedures and guidelines to ensure alignment with best practices and legal\/regulatory requirements<\/span><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2283\" aria-expanded=\"false\">ISMS Steering Committee<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-2283\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"3\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-2283\" tabindex=\"0\" hidden=\"hidden\"><p><span style=\"color: #000000;\">The roles and responsibilities of the ISMS Steering Committee are as follows:<\/span><\/p><ul><li><span style=\"color: #000000;\">Plan resource requirements related to the ISMS activities;<\/span><\/li><li><span style=\"color: #000000;\">Monitor the effectiveness of the ISMS implementation periodically;<\/span><\/li><li><span style=\"color: #000000;\">Approve any proposed documentation;<\/span><\/li><li><span style=\"color: #000000;\">Make any amendments to the ISMS scope of the Policy;<\/span><\/li><li><span style=\"color: #000000;\">Review and verify reports from ISMS Task;<\/span><\/li><li><span style=\"color: #000000;\">Recommend implementation of ISMS awareness and training;<\/span><\/li><li><span style=\"color: #000000;\">Review the ISMS scope;<\/span><\/li><li><span style=\"color: #000000;\">Review the criteria of risk 
acceptance, level of risk and risk treatment plan; and<\/span><\/li><li><span style=\"color: #000000;\">Review the procedure for internal audit.<\/span><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2284\" aria-expanded=\"false\">IT Security Officer (ICTSO)<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-2284\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"4\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-2284\" tabindex=\"0\" hidden=\"hidden\"><p><span style=\"color: #000000;\">The roles and responsibilities of the appointed ICT Security Officer (ICTSO) are as follows:\u00a0<\/span><\/p><ul><li><span style=\"color: #000000;\">Enforce the IIUM ICT Security Policy to all users in the University;<\/span><\/li><li><span style=\"color: #000000;\">Establish and review guidelines and procedures in accordance with the IIUM ICT Security Policy;<\/span><\/li><li><span style=\"color: #000000;\">Coordinate and oversee the comprehensive ICT security initiatives;<\/span><\/li><li><span style=\"color: #000000;\">Implement the cybersecurity controls\/action plan addressed in risk management for cybersecurity;<\/span><\/li><li><span style=\"color: #000000;\">Implement cybersecurity audits based on the cybersecurity controls\/action plan;<\/span><\/li><li><span style=\"color: #000000;\">Issue alerts to the IIUM campus community regarding potential threats like viruses, and provide advice on protective measures;<\/span><\/li><li><span style=\"color: #000000;\">Disseminate information and raise awareness about the IIUM ICT Security Policy to all users;<\/span><\/li><li><span style=\"color: #000000;\">Report on ICT security incidents to the Incident Manager, IIUM ICT Computer Security Incident Response Team (CSIRT) and inform the ITD Management, ITD Director and the CDO;<\/span><\/li><li><span style=\"color: 
#000000;\">Report any ICT security-related matters or discoveries to the ITD Management;<\/span><\/li><li><span style=\"color: #000000;\">Collaborate with relevant parties to identify the source of threats or security incidents and promptly implement ICT remedial measures; and<\/span><\/li><li><span style=\"color: #000000;\">Plan and implement cybersecurity trainings and awareness programs.<\/span><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2285\" aria-expanded=\"false\">ISMS Working Committee<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-2285\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"5\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-2285\" tabindex=\"0\" hidden=\"hidden\"><p><span style=\"color: #000000;\">The roles and responsibilities of the ISMS Working Committee are as follows:<\/span><\/p><ul><li><span style=\"color: #000000;\">Ensure compliance of ISMS ISO\/IEC 27001:2022 standards.<\/span><\/li><li><span style=\"color: #000000;\">Identify resources needed to implement ISMS effectively.<\/span><\/li><li><span style=\"color: #000000;\">Assign roles and responsibilities for ISMS implementation.<\/span><\/li><li><span style=\"color: #000000;\">Identify Information Security Risks.<\/span><\/li><li><span style=\"color: #000000;\">Implement Risks Mitigation Plan.<\/span><\/li><li><span style=\"color: #000000;\">Implement required security controls based on ISO\/IEC 27001:2022 Annex A standard.<\/span><\/li><li><span style=\"color: #000000;\">Conduct the ISMS awareness and training programmes.<\/span><\/li><li><span style=\"color: #000000;\">Conduct and implement the corrective action, preventive action and improvements made to non-conformity within ISMS.<\/span><\/li><li><span style=\"color: #000000;\">Engage in ISMS training, workshops and auditing 
activities.<\/span><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2286\" aria-expanded=\"false\">Document Controller<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-2286\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"6\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-2286\" tabindex=\"0\" hidden=\"hidden\"><p><span style=\"color: #000000;\">The roles and responsibilities of Document Controller are as follows:<\/span><\/p><ul><li><span style=\"color: #000000;\">Responsible for endorsing, managing, controlling, and maintaining all Information Security Management System documents and records in compliance with the standard\u2019s requirements.<\/span><\/li><li><span style=\"color: #000000;\">To ensure that all policies, procedures, guidelines, and records are properly developed, reviewed, approved, updated, distributed, stored, and securely disposed of in a systematic and controlled manner.<\/span><\/li><li><span style=\"color: #000000;\">Responsible for administrative control of ISMS records, including registration, reference numbering and maintenance of records.<\/span><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"7\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2287\" aria-expanded=\"false\">ISMS Coordinator<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-2287\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"7\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-2287\" tabindex=\"0\" hidden=\"hidden\"><p><span style=\"color: #000000;\">The roles and responsibilities of ISMS Coordinator are as follows:<\/span><\/p><ul><li><span style=\"color: #000000;\">To carry out administrative work such as ISMS documentation and meetings at 
KCDIOM.<\/span><\/li><li><span style=\"color: #000000;\">To assist the Document Controller in synchronizing all ISMS documentation.<\/span><\/li><li><span style=\"color: #000000;\">Responsible for coordinating, monitoring, and overseeing ISMS record management to ensure compliance with ISMS requirements.<\/span><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"8\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2288\" aria-expanded=\"false\">Risk Management Officer<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-2288\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"8\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-2288\" tabindex=\"0\" hidden=\"hidden\"><p><span style=\"color: #000000;\">The roles and responsibilities of Risk Management Officer are as follows:<\/span><\/p><ul><li><span style=\"color: #000000;\">Responsible for management of Risk Register.<\/span><\/li><li><span style=\"color: #000000;\">To propose and validate how to cope with risk based on a Risk Treatment Plan.<\/span><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"9\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-2289\" aria-expanded=\"false\">Risk Owner<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-2289\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"9\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-2289\" tabindex=\"0\" hidden=\"hidden\"><p><span style=\"color: #000000;\">The roles and responsibilities of Risk Owner are as follows:<\/span><\/p><ul><li><span style=\"color: #000000;\">Responsible officer with accountability and authority to manage a specific risk.<\/span><\/li><li><span style=\"color: #000000;\">Responsible for making decisions regarding risk treatment (mitigate, transfer, accept, or avoid) and ensure 
that action plans are implemented to minimize negative impacts.<\/span><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"10\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-22810\" aria-expanded=\"false\">Internal Audit Team<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-22810\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"10\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-22810\" tabindex=\"0\" hidden=\"hidden\"><p><span style=\"color: #000000;\">The roles and responsibilities of Internal Audit Team are as follows:<\/span><\/p><ul><li><span style=\"color: #000000;\">Responsible for conducting internal audits periodically.<\/span><\/li><li><span style=\"color: #000000;\">Responsible for reviewing processes and procedures, assessing compliance with ISMS standards and regulations, evaluating risks and developing recommendations to improve risk management.<\/span><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Role, Responsibility &amp; Authority Rector Chief Digital Officer (CDO) ISMS Steering Committee IT Security Officer (ICTSO) ISMS Working Committee Document Controller ISMS Coordinator Risk Management Officer Risk Owner Internal 
Audit<\/p>\n","protected":false},"author":37,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":{"1":"page","2":"type-page","3":"status-publish","4":"hentry"},"_links":{"self":[{"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/pages\/13406","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/users\/37"}],"replies":[{"embeddable":true,"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/comments?post=13406"}],"version-history":[{"count":44,"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/pages\/13406\/revisions"}],"predecessor-version":[{"id":13450,"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/pages\/13406\/revisions\/13450"}],"wp:attachment":[{"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/media?parent=13406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}