ASEAN TrustMark Alliance

ACPM IT Sdn bhd
ACPM IT Sdn bhd
  • Home
  • Our Technology
  • Managed Security Services
  • PECB Online Training
  • Online Training
  • ACPMIT Digital Learning
  • TrustSeal from BakerTilly
  • Contact Us
  • More
    • Home
    • Our Technology
    • Managed Security Services
    • PECB Online Training
    • Online Training
    • ACPMIT Digital Learning
    • TrustSeal from BakerTilly
    • Contact Us
  • Home
  • Our Technology
  • Managed Security Services
  • PECB Online Training
  • Online Training
  • ACPMIT Digital Learning
  • TrustSeal from BakerTilly
  • Contact Us

Working and thinking globally.

Working and thinking globally.Working and thinking globally.Working and thinking globally.

We provide variety of training and implementation programs for ISO standard and governance, risk & compliance requirements.  

Contact Us

Connect With Us

About Us

Who We Are?

ACPM IT Sdn Bhd is and a part of ACPM network of firms headquartered in Budapest, Hungary.  We provide a variety of training and implementation programs for ISO standards and governance, risk and compliance requirements. 


We have our in-house developed product from Budapest for small and medium sized businesses who are working from home. SecureOffice is a secure, fast-to-deploy, budget-friendly web based platform where you can can share file and communicate to your colleagues securely via cloud.


Our management consulting services focus on our clients' most critical issues and opportunities: strategy, operations, technology, transformation, digital, advanced analytics, corporate finance, audit across all industries and geographies. We bring deep, functional expertise, but are known for our holistic perspective: we capture value across boundaries and between the silos of any organization. We have proven a multiplier effect from optimizing the sum of the parts, not just the individual pieces. 

OUR SERVICES

End to End Cyber Security

Our experience in IT security across multiple industries allows us to help our clients see their challenges from a new perspective. Our experts have over 20 years of experience in various fields of IT Security. 

IT Audit

 We provide audit services for IT systems of organizations with various business profiles. 

Program and Project Management

 We have experienced in program and project management tasks related to IT projects as well as strategic planning related to it. Our range of services on this field are: 

XBRL and Trustmark Services

 We are working with a team of internationally experienced specialists who are able to provide extensive support to any organization trying to manage its XBRL compliance and operational challenges. 


 We are an international Trustmark Operator based in Europe. As part of ASEAN Trustmark Alliance with our Malaysian office, ACPM helps trustful businesses with its Trustmark operation. We issue Trustmark seals to businesses with reliable online presence after auditing their services, which promotes online business trust. For more information on our Trustmark services, please get in contact with us here. 

Training

 We provide a great variety of training programs in the different fields of IT security. From introductory training programs, management IT security training programs to in-depth defensive and offensive cyber-security training courses, we cover an extensive range of topics related to information technology. ACPM’s experts are ready to provide your team with IT training in our facilities or your own office, according to your requirements. We are also able to customize training programs for to your specific needs. For our current range of training courses, please get in contact with us here. .

Digital Banking Consultancy Services

 We provide digital banking consultancy services for financial institutions. ACPM brings experiences of assist clients in implementing digital banking solution both Islamic and conventional. Click the link below to find out more.

Find out more

Coronavirus pandemic

How can we help during this crisis

Malaysian businesses is on slowdown as Prime Minister has announced the Movement Control Order which started from 18 March 2020 till 31 March 2020 to prevent the spread of COVID-19. We are ready to assist businesses on practical advice on how to keep your business running during this troubled times.

 

Organization preparedness

Communication is key in a time of crisis. Your organization should identify a small, cross-functional group of people responsible for key communications to both employees and customers. Since the impact of COVID-19 is localized, but also changes daily, it’s important that this team be able to monitor news from the geographic areas specific to the organization’s employees and customers, and communicate this news effectively.


Take care of employees

For your employees, make sure there is a central, reliable system to communicate day-to-day changes related to COVID-19. This platform may be a combination of the organization’s website, e-mail, and a 1-800 number but should be broadcast widely so employees can access relevant information easily from the office, home, or the road.


Take care of clients, customers and your supply chain

While customers and suppliers may understand that the spread of COVID-19 will impact your business, they need to be reassured that you have a plan to mitigate the impact of the virus on shipments, sales calls, customer service, or other parts of the business.

Learn More

Our global coronavirus resource center  provides organizations with preparedness support for their employees, customers and supply chain.  Click the link to find out more.

Find out more

GUIDANCE ADDRESSES ‘EFFECTIVENESS’ OF COMPLIANCE PROGRAMS

Background

 The DOJ issued New April 2019 Guidance  (“Guidance”, or “2019 Guidance”) detailing how prosecutors will evaluate the effectiveness of corporate programs to prevent fraud and other misconduct, a key consideration in determining the penalties imposed against companies.  This is an update from the On February 8, 2017, the DOJ published Guidance entitled, “Evaluation of Corporate Compliance Programs”. 


 The 2019 Guidance contains 12 high-level topics (below) that are grouped to track the Three Core Questions about compliance program effectiveness contained in Section 9-28.800 of the Justice Manual and candidly are the key questions the board of directors should be asking.  After all it’s expected the the organization’s “governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight” of it (See U.S.S.G. § 8B2.1(b)(2)(A)-(C)). 


 Three Core Questions

  1. Is the Corporation’s Compliance Program Well Designed?
  2. Is the Corporation’s Compliance Program Being Implemented Effectively?
  3. Does the Corporation’s Compliance Program Work in Practice?

The High-level Topics

  1. Risk Assessment
  2. Policies and Procedures
  3. Training and Communications
  4. Confidential Reporting Structure and Investigation Process
  5. Third Party Management
  6. Mergers and Acquisitions (M&A)
  7. Commitment by Senior and Middle Management
  8. Autonomy and Resources
  9. Incentives and Disciplinary Measures
  10. Continuous Improvement, Periodic Testing, and Review
  11. Investigation of Misconduct
  12. Analysis and Remediation of Any Underlying Misconduct

Under each of the above topics, the 2019 Guidance sets forth multiple sample questions that prosecutors are likely to ask during an investigation. A few examples are:

  • Risk Assessment: Risk Management ProcessWhat methodology has the company used to identify, analyze, and address the particular risks it faced?
  • Training and Communications: Risk Based Training What training have employees in relevant control functions received?
    • Has the company provided tailored training for high-risk and control employees that addressed the risks in the area where the misconduct occurred?
  • Confidential Reporting Structure and Investigation Process: Effectiveness of the Reporting MechanismDoes the company have an anonymous reporting mechanism, and, if not, why not?
    • How is the reporting mechanism publicized to the company’s employees?
    • Has it been used?
    • How has the company assessed the seriousness of the allegations it received
    • Has the compliance function had full access to reporting and investigative information?
  • Mergers and Acquisitions (M&A): Process Connecting Due Diligence to Implementation What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process
    • What has been the company’s process for implementing compliance policies and procedures at new entities?
  • Commitment by Senior and Middle Management: Conduct at the Top How have senior leaders, through their words and actions, encouraged or discouraged compliance, including the type of misconduct involved in the investigation?
    • What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts?
    • How have they modelled proper behavior to subordinates?
    • Have managers tolerated greater compliance risks in pursuit of new business or greater revenues?
    • Have managers encouraged employees to act unethically to achieve a business objective, or impeded compliance personnel from effectively implementing their duties?
  • Continuous Improvement, Periodic Testing, and Review: Internal AuditWhat is the process for determining where and how frequently internal audit will undertake an audit, and what is the rationale behind that process?
    • How are audits carried out?
    • What types of audits would have identified issues relevant to the misconduct
    • Did those audits occur and what were the findings?
    • What types of relevant audit findings and remediation progress have been reported to management and the board on a regular basis?
    • How have management and the board followed up?
    • How often does internal audit conduct assessments in high-risk areas?
  • Continuous Improvement, Periodic Testing, and Review: Properly Scoped Investigation by Qualified PersonnelHow has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented?

Some Other Points of Focus

  • Compliance must adopt a risk-based approach (See Closing Thoughts below).
  • Compliance must have appropriate processes for the submission of complaints, and processes to protect whistleblowers.
  • The word “resource” appears 21 times in the Guidance, so I am certain that if your organization is not properly resourced that will more likely than not be a problem.
  • Compliance must have independent access to the Board and Audit Committee.
  • Compliance needs to be integrated with other functions like internal audit, and depending on structure, the legal function. 
  • Compliance must adopt strong third-party controls.

The 2019 Guidance seeks to understand how the organization approaches compliance and then what worked and what didn’t.  So, one might consider reading both the old and new Guidance to understand how the evaluation of an organization’s compliance programs has changed.

If you are going to have your organization’s compliance program evaluated and you should!

GDPR - OnE YEAR ON

FACTS ABOUT GDPR

The new General Data Protection Regulation (GDPR) came in to force from 25 May 2018.

  They are a significant upgrade to the existing Data Protection regulations that have been in place since 1998. The upgrade is required to meet the new developments in data use over the past 20 years. Simple examples are the use of cookies that track internet viewing habits or supermarket loyalty cards that record purchases.

  

The aim of data use by businesses is to target advertising more efficiently. However, data users have not always explained how this works or allowed individuals to opt out. There is also a secondary market for this data where details are bought and sold without

the knowledge of the individual. So the

new regulations set more explicit duties for organisations that use personal data and that includes just about everyone.

  

This guide sets out the scope of the new GDPR regime and explains the practical steps that should be taken to ensure compliance.


Who is affected? 

All organisations are affected if they  collect personal data.


Personal data is any record that identifies an individual through name, address, or other contact details. This is a wide definition and shows why everyone needs to have an awareness of GDPR and how it affects their organisation.

  

The impact of GDPR will depend on the nature of the personal data held and why the organisation holds it. There are legal grounds for holding data and businesses that are already compliant with existing data protection law will have a head start in meeting the new rules.

  

Any organisation active in direct marketing should already follow data protection law. However, the new rules are more demanding so a number of organisations will have to consider data protection for the first time. For example, there are specific rules for records of children and vulnerable people so the education and health sectors are a particular focus.


The Regulator 

The Information Commissioner’s Office (ICO) was set up in 1984.

It upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals

in response to concerns about direct marketing. It has evolved over time and has acquired the ability to issue large fines. Several companies have been under scrutiny for large scale data breaches, including T-mobile and Superdrug. Its remit covers all marketing channels including mail, telephone and email. There are two legally distinct areas of activity; Data Protection and the Privacy and Electronic

Communications Regulations.

  

Enforcement and fines

GDPR has raised the existing ceiling for fines to €20,000,000 or 4% of worldwide turnover, whichever is

greater. Fines have been levied on Google at €50million (£44m) for a privacy violation,issued by the French data protection authority in January 2019.


Fines can be levied where:

•An organisation is actively misusing the data and, as the bar on compliance is being raised, previous practice cannot be relied upon 

•There is a failure to maintain adequate controls against misuse or data loss. Data can be lost through hacking of websites or theft of IT equipment and a fine will follow if adequate precautions have not been taken

•If individual rights are not protected and that individual complains to the ICO.

 

Every organisation needs to understand their responsibilities under GDPR and then take steps to make sure they are

compliant by 25 May 2018 and beyond. We recommend addressing these six, simple, key issues:

GDPR - What should be done to ensure GDPR compliance?

1. Get an understanding on GDPR

2. Map the personal data held by your organisation

2. Map the personal data held by your organisation

Get an understanding on GDPR, tailored to your industry so that you understand what matters for your organisation. This is particularly important if you are working with children or vulnerable adults

2. Map the personal data held by your organisation

2. Map the personal data held by your organisation

2. Map the personal data held by your organisation

Understand what personal data your organisation uses, where it came from and why it is held.

This includes electronic databases

and hard copy filing

3.Consent

2. Map the personal data held by your organisation

4. Legal Basis

Ensure you have appropriate consent processes that give individuals control of their data. This includes asking for consent, how that consent is recorded and what happens if consent is not given

4. Legal Basis

6.Data Protection Management

4. Legal Basis

Consent is not the only legal basis for data processing. Make sure you understand the use of legitimate interests as a basis for lawful processing

5.Individual rights

6.Data Protection Management

6.Data Protection Management

Understand the strengthened individual rights and the ability of your organisation to meet them. This includes knowing where data is held, the deletion of data no longer needed and how you might pass data on to third parties when needed

6.Data Protection Management

6.Data Protection Management

6.Data Protection Management

Review your existing data protection regime and determine what needs to improve to meet GDPR; for example the ability to detect, report and investigate a personal data breach. The regime should satisfy both the letter and spirit of the law.

NOT YET GDPR Ready?

Let us help

 •We can provide a tailored briefing session for your organisation that will enable an action plan to be prepared

•We can support you in the implementation of your GDPR regime

•GDPR regime in place? We can audit your processes to ensure they are fully compliant

•We can help with maintenance and audit of your GDPR systems.

How do I know if I’m doing a good job?

 •You have looked into what GDPR is and what it entails. You have assessed how compliant your organisation is and what steps you need to take

•You have assigned someone to take responsibility for data protection compliance

•You have implemented processes and procedures to ensure that you are GDPR compliant

•You have communicated what GDPR is to staff and have ensured that they understand and are following correct processes and procedures. It’s everyone’s job to get this right and protect the data.

Find out more

MBRS Training

Course Introduction

Suruhanjaya   Syarikat Malaysia (“SSM”) has   introduced a submission   platform based on the eXtensible Business Reporting Language (“XBRL”) format   in 2018. 


This submission platform, known   as   the Malaysian Business   Reporting System (“MBRS”) which allows for the annual   submission of :

1.Financial Statements (“FS”) and Key Financial Indicators (“KFI”);

2.Annual   Return (“AR”); and 

3.Exemption Applications (“EA”) which are related to the FS and AR applications. 


The guiding principles behind MBRS are based on the financial and non-financial scope of   Companies Act 2016.

The MBRS Portal (“mPortal”) is available at www.ssm4u.com.my and prior registration with SSM is required.

Participants can download MBRS Preparation Tool (“mTool”) during the training. 


Course Objectives

This 1-day   course provides participants with an understanding of XBRL and MBRS for the   purpose of compliance with the requirements contained in the Companies Act   2016. Participants will learn about the submission requirements and how to optimise the use of   the preparation tool (“mTool”)   to   ensure smooth filing of Annual   Returns, Financial   Statements and Exemption Applications.


Training Methodology

Trainer-facilitated course supported   with presentation slides and Q&A session.


Note

Laptop is   not compulsory for this event.   


Course Content

1.What is XBRL   and how does it work?

2.Introduction   to Malaysian Business Reporting System

3.Components   of MBRS: Taxonomy, mTool, mPortal and Reports

4.Compulsory   digital signature registration

5.Submission   workflow for FS,   KFI, AR   and EA. 

6.Install and   getting started with the preparation tool 

7.Introduction to SSM Taxonomy   (“SSMxT”) 

8.Sample   preparation and   submission of MBRS Annual Returns 


Course Learning Outcome

By attending   this course, participants will be able to :

1. Explain MBRS submission requirements

2.Get started with mTool 

3. Prepare and submit MBRS Annual Returns

4.Understand   the context of MBRS  Financial Statements


Who Should Attend

Company   Secretaries, Directors, Accountants, Auditors, Finance Professionals,   Business Owners and those  Officers and Managers who will be impacted by MBRS.

EVENT ORGANISER

Baker Tilly MH Consulting Sdn Bhd is a direct member of XBRL International Inc. XBRL International Inc is the international organisation which develops and maintains the XBRL standard and related specifications.

The professionals of Baker Tilly have been involved in the MBRS journey with SSM since 2015 through MBRS planning and implementation.


We have the right mix of team with in-depth knowledge in XBRL, Public Key Infrastructure, Companies Act 2016 and financial reporting. Baker Tilly MH Consulting Sdn Bhd is accredited by the Malaysian Communications and Multimedia Commission under the Digital Signature Act 1997 and Digital Signature Regulations 1998.

Find out more

More on ACPM

Offices

ACPMIT.ASIA TEAM

Our Blog

ACPM was founded and is headquartered in Budapest, Hungary. We have partners and  representative offices in various locations around the world to provide top-quality service to our global clients.

Reach out to one of our offices to start a discussion.

Find out more

Our Blog

ACPMIT.ASIA TEAM

Our Blog

Want to keep up with ACPM Events and News. 

Visit our blog for more information

Find out more

ACPMIT.ASIA TEAM

ACPMIT.ASIA TEAM

ACPMIT.ASIA TEAM

Find out more about the team at ACPMIT.ASIA Consultants and our Consulting Services

Find out more

Photo Gallery

    01/14

    Lim Huck hai

    Non Independent and Non Executive Director

    Lim Huck Has is the Managing Director of Baker Tilly MH Consulting Sdn Bhd and has recently been accepted as a member to the PKI Consortium. https://pkic.org/members/bakertilly/


    Years of Experience: 30


    Country Experience: Malaysia and Globally


    Qualifications/Certifications/Accreditations:

    • Bachelor of Economics (Accounting & Computer Science), Monash University, Australia 
    • Graduated Diploma in Business Law, Staffordshire University, UK
    • ACA, Institute of Chartered Accountants England and Wales
    • Chartered Accountant, Malaysia Institute of Accountants
    • CPA, MICPA
    • Certified Information System Auditor (CISA)
    • Certified Information Security Manager (CISM)
    • Certified in the Governance of Enterprise IT (CGEIT)
    • Qualified Auditor of Digital Signature Act 1997
    • Certified in Risk and Information Systems Control (CRISC)
    • Professional Member, Institute of Internal Auditor
    • Certified Fraud Examiner (CFE)
    • Senior Lead Implementer – ISO37001 – Anti-Bribery Management System 
    • PECB Certified Trainer

    Linkedin

    Douglas brown

    Executive Director

    With over 25 years of experience, Douglas is an expert in cybersecurity and technology consulting. His core assessment and deployment skills are in People, Process and Technology design that add to the wealth of ICT operational efficiency, effectiveness and security. Douglas has led, advised, and managed a broad range of assessment and co-sourcing Internal Audit roles for clients in Malaysia, ASEAN, Asia, North America and the Middle East.
    Douglas has been involved in a number of WebTrust,  Public Key Infrastructure (PKI), and Governance, Risk and Compliance (GRC) reviews and engagements with regulatory bodies, the public sector, GLCs, and the private sector. Douglas has extensive experience and is a proven performer where he understands the complexities, and sometimes frustrations, working within regulatory environments. He has clearly demonstrated his skills in both structured and less structured environments and is well versed in spanning technical and business issues.
    His understanding and application of regulatory requirements and cross-recognition of compliance in relation to local and global standards will contribute to the success of this initiative. 


    Years of Experience: 25


    Country Experience: Malaysia, ASEAN, North America, Middle East and Globally


    Qualifications/Certifications/Accreditations:

    • Summa Cum Laude (Highest Honours) Bachelor of Science Dual Degrees in Finance and Economics, Drexel University, Philadelphia, Pennsylvania, USA 
    • Orbus Trained Enterprise Architect
    • Iris Trained XBRL Professional

    Linkedin

    Recent Experience

    • Douglas was the QA Director of major end-to-end cybersecurity assessments and remediation roadmaps for two GLCs involved in Critical National Infrastructure for the United Arab Emirates.
    • His responsibility in operating the National PKI of two countries in the Middle East provided him the experience to consistently maintain compliance to standards while managing ongoing and changing needs of the business.
    • Douglas was Global Head of IT Services where he oversaw the complete rebuild of the ICT infrastructure and a 100% technology refresh throughout the organisation. This led to changes in the infrastructure and service delivery in other offices around the world for which he was also responsible.
    • Douglas has also been a consultant to a number of leading Certification Authorities locally, regionally and globally. He was the architect responsible for the design of the entire technology solution for their ICT infrastructure.
    • He was responsible for the overall design and implementation of Bursa Malaysia’s principal ICT infrastructure that included the detailed day-to-day project management of the design and fit-out of the infrastructure, close liaison with the ICT architects and contractors as well as acting as the client’s on-site representative. Aspects of the design that were included in his remit included the environmental statement of requirements for power consumption, heat dissipation fire detection and suppression, security, server consolidation and virtualisation, operational staff requirements, cabling, LAN and WAN/MAN connectivity, storage solutions and rack and equipment layout to ensure optimal power consumption and heat dissipation criteria. 
    • Senior Leader on the team of over 60 professionals that won the RM1.3 billion (US$342 million) ten-year infrastructure outsourcing contract with Maybank, Malaysia’s largest financial institution.

    ANUARUL HAKIM AB HALIM

    Associate Director

    Anuarul Hakim is the Malaysian committee member Baker Tilly Public Sector Committee and has been involved in the establishment and support of SSM BizTrust program and the completion of several digital security program engagements.

    His core technical skills are in security design and build but add to that a wealth of security operational background and experience.  He has designed and built several digital security integration projects and then been responsible for the ongoing delivery of our managed security services.  He was the architect responsible for the design of the entire technology solution for digital security for clients.  Aspects of the design included infrastructure and security requirements.


    Years of Experience: 15


    Country Experience: Malaysia


    Qualifications/Certifications/Accreditations:

    • Bachelor of Science (Hons) E-Commerce, University of East London, United Kingdom
    • Orbus Trained Enterprise Architect
    • SoftExpert Trained Governance, Risk and Compliance Professional


    List of Skillsets: ISO/IEC 27001:2013 – Information Security Management System National Institute Standard of Technology (NIST) - Cyber Security Framework Center of Internet Security (CIS) Benchmark SABSA Enterprise Security Architecture Framework NIST 800-207 – Zero Trust Architecture.

    Linkedin

    Recent Experience

    • Managed and delivered several ISO27001 and NIST-based gap analyses for financial service institutions and public sector clients. Included the development of enterprise user awareness capabilities and long-term strategic plan development for achieving ISO27001 compliance. He assisted the clients to design and implement its digital security program.  The engagement covered the banking regulatory compliance, enterprise risk management, risk management in technology management of IT, physical security and environmental controls, security of information and systems, change management, system development and continuity of systems and all areas of NIST and ISO27001.
    • Managed the implementation of security implementation project for a corporate registry.  Technology tool was used to collect, correlate, and analyze security events for all business-critical servers within the client’s production environment.
    • Managed penetration tests for a business to consumer portal.  Focused on use of multiple commercial and freeware tools, and manual exploration methods to identify weaknesses in the company’s technical infrastructure – both internal and external. Developed strategic and tactical plans to address resulting business and technical risks.
    • Managed the development of an information security metrics program based on ISO27001 for MAMPU. Effort included the creation of critical success factors (CSFs), key performance indicators (KPIs), and measurement criteria and procedures for all metrics. Managed an enterprise security architecture project to define a 3-year information security blueprint for a large transportation company. Blueprint defined projects to build capabilities in all aspects of an information security program. This included everything from information security policy development to physical access controls.
    • Managed an organizational review of the information security program for a licensed certification authority. Also served as technical advisor for a strategic digital commerce risk assessment across all the client’s lines of businesses.  He also performed a technical and operational risk assessment for the client’s communications infrastructure. Focused on evaluating risks and controls associated with the client’s infrastructure and custom-developed interfaces for message handling and routing.
    • Implementation of digital security programs for our Security Operations Centre.  Majority of effort was focused on orchestration of resources, planning while adhering to industry digital security frameworks and standards.  Specific experiences gained in security by design in DevOps processes including license-mgt, SLAs and prior to this have every single application environment successfully tested, accepted including successful BCP-test
    • Examined IT risks from a cross-organizational viewpoint including internal and external risks, from a security and compliance perspective and make appropriate recommendations to protect the company from applicable risks and vulnerabilities.
    • Conducted many large-scale enterprise security architecture projects and development of information security management framework, development of service management and implementation of physical security of high technology equipment.
    • Security Architecture: He has helped to design and review secure networks and infrastructures for some of the world’s most competitive organizations. He has great exposure to extremely large and complex networks where his understanding of technical issues and business requirements has enabled him to deliver practical and secure solutions to his clients. 
    • Security Incident Response: He is a primary Global Security Incident Manager for ACPM IT based in Budapest. On call 24/7 he performs quantitative and qualitative risk analysis on emerging threats and reported incidents. He manages all aspects of the International response liaising with technical personnel and senior management to limit the cost, disruption and reputational damage to the firm. The processes and procedures that he has helped to develop ensure the fastest possible response times, which have reduced the overall cost per incident to the firm. In a recent effort to enhance service provision and reduce cost he has helped to extend this service to operate on a follow the sun basis involving colleagues located worldwide.
    • Led a team of solution architects to propose and closing the deal for Disaster Recovery Consolidation Solution project for Malaysian Industrial Development Board.
    • Assisted in developing the outsourcing arrangement for Wide Area Network project for Permodalan Nasional Berhad.  The Client was able to recognise several benefits through the course of work: 
      • Improved communication among business unit controllers
      • Improved appreciation of business unit dependencies 
      • Improved integration with the Outsource provider
      • Clear understanding of Outsourcer roles and responsibilities for transactional processes
      • Identified and addressed issues between Outsourcer and Users concerning expectation gaps
      • Identified judgmental activities being performed by outsource provider and developed policy guidance
      • Captured detailed process documentation to help mitigate “knowledge erosion”
      • Identified controls that could be imbedded into the business process
    • Communicate with the IT Principals to develop the best solution for Malware License project for Road Transport Department.  
    • Coordinated a team of solution architects to propose and closing the deal for Disaster Recovery Solution project for Perbadanan Nasional Berhad.  He assisted the financial service institution with their cyber resilience and disaster recovery arrangements (including technology disaster recovery and business continuity) for the banking operations and back-office processes.  He worked with the client to assess their cyber resilience, recovery, and resilience requirements, design the strategy options, prepare interim recovery procedures and plans and facilitate the testing of these procedures. He had helped source and set-up the workspace recovery facilities.  He also assisted in the design of the cyber resilience solution for the systems and infrastructure.  He developed an impact analysis to provide the criticality and prioritisation of our client’s key services and systems.  He then identified the recovery objectives required to manage the exposure to a catastrophic failure due to cyber incidents and set out the strategy, roadmap and architectural design to meet the strategic objectives for recovery.  The project incorporated banking compliance and risk management requirements.  He performed tests included invocation of the senior executive’s crisis management team and the recovery of all critical applications and systems, recovery of business operations in recovery mode and involved the participation of all key staff from the business and technical units.
    • Involved in security design and system development for SSM BizTrust Management System.  The current system development and outsourcing arrangement lacked detailed documentation of processes and responsibilities and is required to comply with the regulatory requirements and best practices.  The scope of work was to document the current state processes for system development and outsourced activities by capturing key activities by performer, identifying potential process gaps in each process, and identifying opportunities to implement monitoring controls and policies to better manage the outsourced system development processes and reduce risk. As part of the global delivery team, he utilised the following approach to perform the baseline assessment and enterprise risk management and business performance improvement engagements: -
      • Identify key processes to be included in review and analysis
      • Work with client and outsource provider to document current state processes 
      • Identify process and policy Gaps
      • Identify key risk areas for each in-scope process
      • Identify opportunities to implement monitoring activities to mitigate key risks
      • Document policy and procedures

     ACPMiT.Asia is a part of ACPM IT Tanacsado Kft, H-1051 Budapest, Szechenyi Istvan Ter 7-8, Hungary.

    Copyright © 2019 ACPMIT.Asia - All Rights Reserved

    • Home
    • Managed Security Services
    • Online Training
    • ACPMIT Digital Learning
    • Contact Us

    Powered by GoDaddy