MUST Awarded ISO/IEC 27001:2022 Information Security Management System Certification

To comprehensively elevate the university's information security governance and safeguard core digital assets as well as the privacy of faculty and students, the Information Technology Development Office of Macau University of Science and Technology (MUST) has recently passed the rigorous audit by the internationally authoritative certification body BSI (British Standards Institution). The university was officially awarded the ISO/IEC 27001:2022 Information Security Management System international certification (Certificate Number: IS 809360). The scope of this certification covers all information security management activities of the university's unified smart service platform, WeMust, and the IT Data Center. This marks the first instance among higher education institutions in Macau where both core business application systems and data center infrastructure are simultaneously included in the certification scope of the latest ISO/IEC 27001:2022 standard. It signifies that MUST's information security management has reached international standards, providing a solid security foundation for the university's high-quality development and digital-intelligent transformation.

Prof. Tong Ka Lok, Vice President of MUST, with the Information Security Team of the ITDO.

ISO/IEC 27001 is currently the most authoritative and widely accepted standard for information security management systems globally. Building upon the original framework, the 2022 version strengthens the control requirements for emerging risks such as cloud services, threat intelligence, and data leakage prevention, making the certification significantly more challenging and valuable than previous versions. Against the backdrop of higher education fully advancing towards digital-intelligent transformation, information security has leaped from behind-the-scenes technical support to a frontline strategic pillar. Breaking down information silos, MUST has comprehensively implemented an information security governance model characterized by unified planning, platform-first approaches, and intensive construction, striving for steady progress and excellence through efficient collaboration and refined management.

Vice President Prof. Tong Ka Lok (first from left) and Director Zhao Xichen (first from right) with the Information Security Working Group

Prof. Tong Ka Lok, Vice President of MUST, stated: "Today, we are in a digital-intelligent era driven jointly by data, computing power, and intelligence. Information security is by no means a 'solo performance' of the technical department, but rather a 'concerto' concerning the university's overall development strategy. Centered around WeMust, we have constructed a comprehensive information security management system and proposed the core strategy of 'Transformation Drives Security, Security Safeguards Transformation.' We take proactive and effective actions regarding the compliance control and governance of the information system, maintaining a constant state of vigilance."

The ISO/IEC 27001:2022 certificate alongside the Information Security Management System

Relying on the unified smart service platform WeMust, and centered around the self-developed unified operations and security management platform (MoSS), MUST has carried out comprehensive information security operations practices. These cover key areas including infrastructure, software and hardware equipment, information systems, core data, IoT terminals, personnel management, and AI applications. After years of dedicated practice, MUST's successful acquisition of the ISO/IEC 27001:2022 certification is not only an affirmation of the phased achievements in its information security management but also a new starting point for the university to continuously enhance its information governance capabilities. Looking ahead, MUST will continue to uphold the philosophy of "Transformation Drives Security, Security Safeguards Transformation," constantly perfecting its information security defense system to provide safer, more reliable, and highly efficient digital-intelligent campus services for all faculty and students.