4 Compliance Review

Compliance Review

4.1 Introduction Periodic compliance review provides a mechanism for the School ICT Coordinator to determine the status of the ICT security programme, and where necessary, to identify weaknesses for the purpose of improvement. It also serves as a mechanism for MoE to gather feedback on the effectiveness of existing operations from the School ICT Coordinator.

4.2 Purpose The purpose of this topic is to provide procedural guidelines for the School ICT Coordinator to: a) b) c) conduct the compliance review every six (6) months; monitor the control areas more efficiently; and review the self-assessment checklist for compliance.

4.3 Guidelines 4.3.1 Periodic Compliance Review a) The School ICT Coordinator should perform periodic compliance reviews to ensure that the implementation of ICT security controls complies with guidelines and procedure provided by the school management and this document. The School ICT Coordinator is advised to record justification for any deviation (or non-compliance) considered. The School ICT Coordinator should continuously improve the security infrastructure based on recommendations and advice from relevant authorities.

b)

c)

4.3.2 Review Process a) The compliance review should take the form of a questionnaire (see Appendix A: Compliance Review Checklist) that is completed by the School ICT Coordinator.

10

4 Compliance Review

b)

The relevant authorities have the right to allow or disallow exemption after weighing the security risk. The School ICT Coordinator will be notified by the relevant authorities about the decisions in writing together with recommendations to achieve compliance (if exemption is not allowed). The compliance review has to be conducted every six (6) months and the outcome sent to: Director Educational Technology Division Ministry of Education Pesiaran Bukit Kiara 50604 Kuala Lumpur (Attn.: Infrastructure and Repository Sector)

c)

d)

11