Providing secure and reliable personal financing services to clients through an ISO/IEC 27001:2022–compliant ISMS.

ACOM (M) SDN. BHD.
Case Study
  • Security
  • Global

ACOM (M) SDN. BHD. provides secure and reliable personal financing services by implementing an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2022 standard.
ABeam Consulting supported the efficient implementation of ISMS by leveraging its consultants’ extensive experience and expertise.

Challenge

  • In today’s digital landscape, cybersecurity threats are increasing, making it more challenging to safeguard customers’ personal data.
  • ACOM made a strategic decision to implement an ISMS; however, doing so requires a substantial investment of time, expertise, and resources, as well as cross-departmental collaboration.
  • Transitioning from existing, informal practices to a structured, risk-based approach necessitates a cultural shift, ongoing training, and persistent reinforcement.

ABeam Solution

  • ABeam accelerated ISMS implementation by deploying experienced consultants and leveraging proven frameworks, templates and best practices—minimizing inefficiencies and reducing implementation costs.
  • ABeam facilitated stakeholder alignment through workshops and established effective cross-functional collaboration channels.
  • Comprehensive risk assessments ensured that security controls not only protected critical operations and customer commitments but also supported business agility.
  • A culture of continuous improvement was embedded through regular reviews, corrective actions, and internal audits, fostering a resilient and self-improving security environment.

Success Factors

  • Strong commitment and engagement from ACOM management ensured that the ISMS initiative was strategically aligned with organizational goals.
  • Structured workshops and robust communication channels fostered a shared understanding and seamless collaboration across departments.
  • Proactive engagement of ISMS committee members from the front office, back office, legal, and IT—working in close partnership with ABeam—enabled the effective implementation of ISMS that was seamlessly integrated with existing business operations.
  • The integration of systematic reviews, objective yet consultative internal audits, and targeted corrective measures established a resilient security culture.

Client Challenges

Navigating the Expansive Scope and Complexity of ISO/IEC 27001:2022 Requirements

Cybersecurity threats continue to grow in both scale and sophistication. As ACOM pursues its mission to enrich the Malaysian economy and empower individuals through personal financing services, ACOM prioritizes safeguarding customer information by continuously enhancing its cybersecurity resilience.

Before partnering with ABeam, ACOM benefited from general guidance on information systems and security management provided by its parent company, ACOM Co. Ltd. in Japan. ACOM also had established risk management processes, including internal audits focused on legal and regulatory compliance, as well as robust Governance, Risk, and Compliance (GRC) practices that maintained comprehensive corporate policies and standard operating procedures. While these existing processes laid a solid foundation for an Information Security Management System (ISMS), they were not specifically designed to meet the rigorous requirements of the ISO/IEC 27001:2022 standard. As a result, integration and alignment were necessary to ensure that ISMS operations complemented existing practices without creating redundancy, paving the way for a more effective and certifiable security management framework.

The ISO/IEC 27001:2022 standard can be challenging to interpret due to its formal, high-level language, which is often descriptive rather than prescriptive. The standard does not explicitly specify the exact steps organizations must take to achieve compliance. Instead, it leaves the approach to fulfilling each requirement up to the organization—whether that means implementing a new system or establishing a manual process. For organizations pursuing certification for the first time, it can be difficult to determine precisely what actions are needed to meet each requirement. Additionally, the 93 controls outlined in Annex A of the ISO/IEC 27001:2022 standard may appear daunting and overwhelming, especially for those new to the framework.

When implementation team members are not well versed in the ISO/IEC 27001:2022 requirements, several issues can arise. These may include the establishment of inadequate controls and the omission of mandatory documentation, both of which can result in non-conformities during the certification assessment. The number and severity of such non-conformities can complicate the process of obtaining or maintaining certification.

Figure: ISO/IEC 27001:2022 Key Requirements

Key Project Success Factors

Strategic Leadership, Cross-Functional Collaboration, and Continuous Improvement

Securing endorsement and dedicated resources from ACOM management was fundamental to the success of the ISMS initiative. This top-level support ensured that the project was strategically aligned with organizational goals and fully resourced for optimal execution. Leadership’s active involvement set a clear direction, empowered teams, and fostered a culture of accountability. Their commitment not only provided the necessary momentum but also reinforced the importance of information security across all levels of the organization, making it a shared priority and enabling rapid, decisive progress toward ISO/IEC 27001:2022 certification.

ABeam and ACOM conducted structured workshops and established effective communication channels, enabling a shared understanding of ISMS objectives across all departments.
These efforts accelerated risk assessment, risk treatment, and documentation activities, cultivating broad organizational commitment. Regular ISMS Committee Meetings were held not only to monitor progress but also to encourage active questioning and provide constructive advice. Tailored awareness training sessions were delivered to diverse audiences—including front office, back office, information security officers, and top management—ensuring everyone understood their roles and responsibilities in maintaining a secure environment.

Proactive engagement of ISMS committee members from the front office, back office, legal, and IT—working in close partnership with ABeam Consulting—enabled the effective implementation of information security management processes that were seamlessly integrated with existing business operations. ABeam provided practical guidance on each requirement and clarified auditor expectations. This collaborative approach empowered all stakeholders to contribute meaningfully, resulting in a unified and resilient security posture.

To sustain the initiative, ABeam and ACOM implemented systematic reviews, internal audits, and corrective actions, strengthening the organization’s security posture. ABeam shared insights into typical pitfalls and common reasons for nonconformities, equipping ACOM with the knowledge to avoid these issues and ensure a smooth certification process. Risk-driven prioritization of controls safeguarded critical operations while maintaining productivity and business agility. This ongoing cycle of review and improvement embedded a culture of continuous enhancement, ensuring the ISMS remained effective and aligned with evolving business needs.

Figure: BEFORE & AFTER: The Impact of ISMS Implementation

ABeam’s Contribution

Delivering Efficient and Audit-Ready ISMS Implementation Through Close Partnership

ABeam played a transformative role in ACOM’s ISMS journey, delivering a seamless, efficient, and cost-effective path to ISO/IEC 27001:2022 certification. ABeam accelerated ISMS implementation by deploying seasoned consultants with deep expertise in both the technical requirements of ISO 27001 and the practical realities of facing ISO assessment auditors from leading certification bodies. Leveraging proven frameworks, templates, samples, and best practices, ABeam minimized inefficiencies and reduced development costs, ensuring every step was audit-ready and aligned with industry standards.

Embodying the “Real Partner” philosophy, ABeam worked on-site as an integrated member of the ACOM team. This close collaboration fostered stakeholder alignment through multiple streams of targeted workshops and established robust cross-functional communication channels, ensuring all teams moved forward together. ABeam’s consultants were not just advisors—they were active participants, sharing responsibility and ownership throughout the project lifecycle.

After ISMS was implemented in ACOM, ABeam conducted internal audits that simulated the certification assessment, combining objective evaluation with a consultative approach. This enabled the team to identify gaps, receive practical advice, and confidently address ISO 27001 certification assessment auditor expectations.

ABeam tailored the project schedule to fit ACOM’s unique needs, successfully implementing the ISMS within a focused six-month program. This approach ensured that business-as-usual operations continued without disruption. ABeam’s one-stop support package covered all aspects of implementation, including vulnerability scans and internal audits, eliminating the need for ACOM to engage multiple partners and reducing both cost and time.

Through ongoing reviews, corrective actions, and internal audits, ABeam helped embed a culture of continuous improvement, establishing a resilient and sustainable information security environment for ACOM.

Figure: ABeam ISMS Support Package
Figure: ABeam ISMS Support Model Schedule

By implementing an ISMS, ACOM has strengthened its information security framework while improving governance, building stakeholder trust, and establishing a scalable foundation for sustainable growth.
Furthermore, strengthening the information security framework and improving governance within an organization helps build stakeholder trust and establishes a foundation for sustainable business growth.
ABeam contributes to these efforts by aligning security measures with management priorities and business objectives.


“It was a challenge to achieve ISMS certification in just the 2nd year of business in Malaysia. Yet, it also became a defining opportunity to demonstrate our belief that safeguarding customer data is essential to building customer trust—and that trust is the starting point for the success of the business.

Although ISMS certification was pursued at an early stage of our business, it was made possible with ABeam’s practical consulting and guidance. They helped us navigate the complexities of ISMS and clearly understand that it is not a one-time effort, but an ongoing commitment to continuous improvement. Their guidance reflected a deep understanding of our business and underlying beliefs and focused on what truly works in the real world.”

Yukiko Kusumoto
Director / Executive Officer
Planning Division
ACOM (M) SDN. BHD.


“At ACOM, customer trust is fundamental to everything we do. As a lean, small-sized organization, establishing effective information security governance was a key challenge for us.

With ABeam alongside us, their expertise, responsiveness, and collaborative approach provided the support we needed to implement a robust yet practical information security framework.
ABeam delivered a tailored solution that fits our operational landscape and demonstrated that strong governance and information security are achievable for small organizations with the right partner.”

Nasuha Sukri
Legal and Compliance
ACOM (M) SDN. BHD.


Customer Profile

Company name: ACOM (M) SDN. BHD.
HQ Location: D-07-05, D-07-06, D-07-07 & D-07-08, Menara Suezcap 1, KL Gateway, No. 2, Jalan Kerinchi, Gerbang Kerinchi Lestari, 59200 Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur
Estd.: 2021
Business: Licensed Moneylenders
Capital stock: Not Disclosed

Apr 28, 2026
