The implementation of ISMS ensures the achievement of the following objectives:
- Confidentiality of information
- Integrity of information
- Availability of information with minimal risk of disruption
The following are among the important efforts taken in achieving the ISMS objectives:
- Regulatory compliance
- Disaster recovery plan
- Risk management procedure
- Continual monitoring and improvement via periodical audit, review and assessment
- Business continuity plan
- Information security incident reporting and response procedure
- Procedures and policies in relation to daily business operational process such as the aspects of application installation, backup and restoration, correspondences, hardware and software movement or disposal, laptop policy, logical and physical access, management of records and document etc.