
MEETING MINUTES FORM

ITS-FM02

MEETING INFORMATION
Title : Management Review Meeting for ISO/IEC 27001:2013
Objective : First Meeting for ISO/IEC 27001:2013 ISMS Implementation

Date & Time : 2nd August 2017, 10.00 am
Venue : Setapak Office
Attendees :
Present
Mr. Veerachai Charoensilpskul
Mr. Rawee Chaimongkol (Via Skype Conference)
Ms. Norlina Ramli (NR)
Mr. Cheong Wong Wai
Mr. Leong Choon Siew (LE)
Mr. Mohd Noor Fadli (FD)
Ms. Raihan Mohamed Isa (RA)

Apologies

Minute Recorder: Raihan Mohamed Isa


AGENDA

1. Topic: Chairman welcomed all members to the first ISO/IEC 27001:2013 Management Review Meeting
   Discussion: Brief ISMS objectives, scope and implementation starts on 2nd May 2017
   Action: -

2. Topic: Previous Meeting Action Follow Up
   Discussion: There was no previous meeting since this is the first management review meeting for ISMS implementation
   Action: -

3. Topic: Change in External & Internal Issues
   Discussion:
   Internal:
   Employee: Disclosure of information, lack of awareness, misuse of company properties, not practising screen lock-out.
   HR: Not providing updated user list, late notification for resigned staff.
   Policies: Lack of awareness.
   Asset: Records not updated, lack of maintenance, over lifespan
   External:
   Partner/Vendor: Disclosure of information, unreliable service and not meeting SLA, misunderstanding
   Customer: Customer dissatisfaction
   Regulation: Legal requirement
   Utilities: Service disruption
   Action: HR needs to inform of resigned staff on a monthly basis

3. Topic: Status of Implementation
   Discussion: IS Policy has been endorsed by CFO. Three manuals have been created and approved. 15 IS procedures have been created and approved. Statement of Applicability (107 out of 114 are applicable to ISMS scope). Certification body audit by BSI (8th-9th August 2017).
   Action: ISMS Steering Committee & ITSO are required to prepare for the certification body audit

INTERNAL USE
Effective Date : 25th April 2017

4. Topic: Status of NonConformities & Corrective Action
   Discussion:
   Issued CA:
   a) Infrastructure and System Management: 7
   b) Technical Support & Service: 3
   c) Other: 1
   d) Procurement & Account Management: 1
   e) Application Implementation & Support: 0
   f) Application & Multimedia Development: 0
   Action: -

5. Topic: Monitoring and Measurement Result
   Discussion:
   Based on Performance Measurement parameters:
   a) Meeting
   b) Seminar and Training
   c) Service Desk Management
   d) Availability Management
   e) Capacity Planning Review
   f) Backup & Restoration
   g) Desktop Maintenance
   h) Server Maintenance
   i) Network Maintenance
   j) Vulnerability Assessment
   k) Data Center Maintenance
   l) Disaster Recovery Simulation
   m) Internal Audit for ISO 27001:2013
   n) IT Asset Declaration 2017
   o) Certification Body Audit for ISO 27001:2013
   p) Telco Router Maintenance
   q) Supplier Performance Evaluation
   Action: ITSO may expedite the technology refreshment due to low storage availability in order to support new project implementation.

6. Topic: Internal Audit Result
   Discussion:
   The internal audit was conducted on 26th-27th July 2017
   Non Conformity:
   a) Event log history only up to 2 days for application event and 6 days for system event.
   b) No change record in Manage IT Change for Sangfor Proof of Concept (POC) installation.
   c) Storage VM is under agreed metric. Capacity Planning Result for quarter show 3 LUN is low.
   d) No action taken for computers with critical warning in Sophos Central
   e) Some assets recorded by intern student are improper.
   Observation:
   Information Security Incident Management: In the sampled incident records, root cause and solution are not defined for each incident
   Action:
   a) Increase log history to at least 1 month for log event for system, security, and application.
   b) Add change request in Manage IT Change.
   c) Remove unused VM and control new project implementation.
   d) Reinstall Sophos software in affected computers
   e) Recheck the inventory record

7. Topic: Feedback from Interested Parties
   Discussion: Promote ISMS awareness. (Isms.cp-malaysia.com)
   Action: -

8. Topic: Result of Risk Assessment & Status of Risk Treatment Plan
   Discussion: Based on Risk Assessment Chart: High Risk – Hardware and Services
   Action: Technology refreshment target on next year
9. Topic: Recommendation for Improvement
   Discussion:
   a) To prepare service catalog page for related ISMS scope
   b) Install temperature and humidity sensor in server room. Remove unattended key
   c) Add ‘Rollback Plan’ in CHM-FM05 Software Deployment Checklist form
   d) Expedite the technology refreshment for primary data center due to low storage availability. (CFO agreed)
   e) Install Centralized Log Management to monitor event logs for servers, network appliances and other to improve monitoring process.
   f) Increase storage capacity to store more backup coverage
   Action:
   a) Done in it2017.cp-malaysia.com
   b) FA to open PR and Infra Team will arrange for
   c) RA is required to update CHM-FM05 and fill DCC-FM2 form.
   d) NR will call vendors for further discussion
   e) Infra team is required to study top centralized log management. FA is required to open IO, PR and PO once finalized.
   f) NR will call vendors for further discussion

OTHER

No. Topic Action


1. Mr Veerachai would like to have meeting with ITSO on monthly basis to discuss about IT project implementation status and other issues.

