Overview
Upholding Trust Through Advanced Cybersecurity Standards
Cybersecurity is a cornerstone of our operations. As custodians of the ePerolehan system, we are entrusted with safeguarding critical data that flows through it nationwide. This includes information from both government entities and private businesses, all of which we treat with the utmost care and responsibility. In doing so, we adopt industry-leading standards, legal compliance frameworks, and disciplined internal governance to ensure the confidentiality, integrity, and availability of all critical data.
Information Security Management System (ISMS) – ISO/IEC 27001:2022
CDC is certified under the ISO/IEC 27001:2022 Information Security Management System (ISMS), a globally recognised framework that supports our proactive, risk-based approach to safeguarding information assets. This certification ensures that CDC adheres to international best practices, including:
Structured risk assessment and mitigation for both digital and physical information assets.
Clearly defined security policies, roles, and responsibilities to ensure accountability at all organisational levels.
Robust access controls and information asset classification to prevent unauthorised access and data leakage.
Continuous improvement in managing security incidents and enhancing operational resilience.
Independent auditing and internal reviews to verify compliance and identify areas for enhancement.
Compliance with National Cybersecurity Laws
CDC aligns its information security practices with key Malaysian legal and regulatory frameworks, including:
Personal Data Protection Act (PDPA)
Ensures the responsible processing, storage, and protection of personal data belonging to customers, suppliers, and employees.
Financial Procedure Act 1957 (Revised 1972)
Governs the integrity, transparency, and accountability of financial operations and digital recordkeeping.
National Cyber Security Policy (NCSP)
Supports the protection of National Critical Information Infrastructure (NCII), reinforcing national resilience and economic stability.
Communications and Multimedia Act 1998 (CMA)
Ensures compliance with communications and multimedia regulations, especially in the digital services sector.
Governance, Awareness, and Monitoring
CDC enforces a comprehensive information security governance model, including:
Policy Enforcement
All cybersecurity activities are governed by formal IT and Information Security Policies, reviewed and updated annually, and enforced organisation-wide.
Real-Time Monitoring and Incident Response
Ensures 24/7 monitoring, swift incident detection, and well-defined escalation and response procedures.
Employee Accountability and Training
All employees undergo regular training to handle information responsibly, use corporate resources securely, and report security incidents promptly.
Third-Party Risk Management
We assess and monitor vendors and partners to ensure they meet our security expectations and compliance requirements.


