Malaysia

Malaysia issued the Personal Data Protection Act (PDPA) on June 10, 2010, which came into force on November 15, 2013.

The PDPA regulates the processing of personal data in commercial transactions and related matters.

HUAWEI CLOUD Compliance with Malaysia PDPA shares our experience and best practices in privacy protection and shows you how we can help you meet the PDPA requirements.

Financial regulators in Malaysia include:

● Bank Negara Malaysia (BNM), also known as the Central Bank of Malaysia. It oversees banking and financial activities throughout the country.

● The Securities Commission Malaysia (SC) is the statutory government agency responsible for the management and supervision of the Malaysian capital market.

To regulate financial institutions' risk management in technology, the BNM and SC published a series of regulatory requirements and guidelines, covering technology risk management, IT outsourcing management, customer information protection and business continuity management for financial institutions operating in Malaysia The related regulatory requirements and guidelines include:

• Risk Management in Technology: This policy describes the BNM's requirements with regard to financial institutions' management risks in technology.

• Outsourcing: This policy specifies the scope of outsourcing arrangements and BNM's requirements for financial institutions to establish governance and risk management frameworks, including those relevant to the protection of data confidentiality.

• Management of Customer Information and Permitted Disclosures: This policy describes BNM's requirements for financial service providers' handling of customer information throughout the information lifecycle. The policy covers collection, storage, use, transmission, sharing, disclosure and disposal.

Guidelines on Data Management and Management Information System Framework for Development Financial Institutions: This policy establishes guidelines for sound data management and management system practices for financial institutions in developing their data management capabilities. Financial institutions need to design and build data and management systems in compliance with the principles in the guidelines and in a way that is appropriate to specific business needs of a financial institution.

Guidelines on Business Continuity Management: This policy describes the minimum business continuity requirements for financial institutions to ensure that the major business functions and essential services are not interrupted within a specified period of time in the event of a major disruption. Minimizing disruption to essential business services would increase public confidence in financial institutions and the system, and mitigate reputational risks for financial institutions.

Guidelines on Management of Cyber Risk: This policy specifies SC's cyber risk management requirements for financial institutions. These requirements help financial institutions improve cyber risk management to ensure cybersecurity.

● Guiding Principles on Business Continuity: The objective of this document is to guide the financial institutions on minimum standards where entities are encouraged to adopt based on the nature, size and complexity of their business operations. The overall intended outcome of the principles is to ensure timely continuation of critical services and the fulfilment of business obligations in the event of disruptions and, ultimately, to mitigate or manage any possible wider systemic risks to the Malaysian capital market.

HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines in Malaysia describes how Huawei Cloud will help you meet the regulatory requirements of the financial industry in Malaysia.

Huawei Cloud is committed to providing you with secure infrastructure and services that meet compliance requirements. Each service has built-in security functions and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and service security provided by Huawei Cloud has been reviewed and approved by independent third-party authorities and has earned security certifications from numerous organizations.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

In addition, your services need to meet the corresponding regulatory requirements. They must comply with the Outsourcing requirements released by BNM for cloud service outsourcing, outsourcing arrangement approval, and outsourcing plan submission.

You can download HUAWEI CLOUD Security White Paper to view details about what the Huawei Cloud and yourself are responsible of.

For any additional security and compliance questions, contact us or your account manager.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF), and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3(for audit)

Learn more from Compliance Certificates in the Compliance Center.