Part II: why the CPB is still a bad idea

I got a comment from an ex-intern of mine about the CPB and why it does not apply to all tech workers but only to those wanting to work on CNII (critical national information infrastructure) projects.

The thing is, Malaysia being as small as it is, IT companies may eventually find themselves working for or with a government-linked agency. There is no specific definition of what agency or department that is or is not deemed CNI.

Does this make things better? Not really. The bill is still poorly worded, very misleading and the worst case scenario still applies: if a fresh grad, non-tech certified and not registered, emails an idea to a friend about upgrading a government service, it is still TECHNICALLY against the law.


1. To bid for a contract, instead of going through one layer of bureaucracy, you add even more layers. You have to pay annual fee, get tested and adhere to some vague standard to be judged qualifed to work on government or CNNI-related projects. In other words, it’s a rather fancy way to legalise paying duit kopi.

2. The CPB board is minister-appointed. What’s to stop the MOSTI minister from appointing a crony?

3. Registered professionals not being able to practise outside their declared proficiency. Hello, IT people pick up skills as and when they go along. So everytime a professional learns a new skill, he/she needs to take another exam or show another certification to prove their competence? It doesn’t work that way, bub.

4. An agency to define what IT professionals are should be independent of the government. Self-regulation! The government has no right to declare that, say, a Microsoft-certified fresh grad is a professional while a self-taught Linux hack with no formal degree or certs isn’t. IT professionals should be judged by their peers and not have the government try to MAKE MONEY out of “certifying” IT professionals.

So my verdict? The bill is still an act of bodohness. But I’ll let my former intern Will have his say. You may or may not agree with either of our point of views but freedom of expression is important.

Hey former boss (referring to Erna :P )

TLDR: The only thing that really changes with this Act is that critical government services will now only be serviced by an exclusive club which restricts membership according to formal qualifications (and/or extensive proof of experience). Rest of IT not affected.

After speaking with one of the proponents of the bill, and re-reading the Bill – it turns out that this has been a huge misunderstanding. If you read it carefully, you will find that only “CNII” (Critical National Information Infrastructure) services requires one to be registered. I.e., if you’re in the IT industry, and you don’t provide IT services for the government in critical areas, you don’t need to even be aware of the existence of this act.

There are only two places in the document which talks about restrictions to non-registered persons. One says that non-registered persons shall not render the services of a registered person. The other says that only registered persons can render services for CNII related stuff.

The only remaining issue is less major – i.e. that the academics require that the word ‘professional’ to be reserved for those with formal qualifications / training or extensive proof of experience. Considering that this doesn’t affect freedoms in any major way, I’m fine with it.


11 thoughts on “Part II: why the CPB is still a bad idea

  1. Lays

    There are more implications than just brushing it off with “you only need to do this if you tender for government projects”. In reality, who doesn’t want to have a chance to that?

    Which eventually most companies will want to hire registered professional, creating unnecessary shortage. Even so, it may extend to private education institutions, with the selling point “if you graduate here, you are complied to CPB”.

    If I am, lets say, Oracle certified specialist and my resume shows my credential. Why do I even need to prove to a body who may not understand my experience again? Why is the unnecessary steps just to bid for a Govt project? So does this mean, registered Oracle specialist will have more credibility than unregistered Oracle specialist?

    Why reinventing the wheel?

  2. Perhaps your former have not seen the list of which sectors are considered CNII by our beloved CyberSecurity Malaysia? . Even their definition of eligible sectors to be called as CNII is a very generic.

  3. OldTechie

    Don’t we already have Cisco’s CCNA, Microsoft’s MCSE, Redhat’s Cert’s etc, etc…., Isn’t that enough? Why the need to aggravate an already hard, competitive industry????? Why????? Kudos for Erna for pointing out the facts……… 😀

  4. Charles F Moreira

    This whole thing is just a storm in a teacup.

    I have read through the whole document and apart from its heavily legal language, and draconian penalties for offenders, there is nothing in it which is very different from conditions governing engineers, doctors, lawyers, etc.

    Section 14 (1) (a) on the qualifications for registration as a
    Registered Computing Practitioner would apply to any graduate in a computing discipline from a recognised institution or any other certificates recognised by the board.

    That the proposed bill does not emphasise specific skills, experience and qualifications is most likely because it recognises the huge diversity and rapid-changing nature of this technology, so keeps it general.

    I’m sure Erna could qualify to become a Registered Computing PRACTITIONER if she applied..

    Also, if you read MOSTI’s statement here, nobody is compelled to register unless they work on projects for entities identified as Critical National Information Infrastructure.

    According to the NITC, the 10 CNNI include

    National Defence & Security
    Banking & Finance
    Information & Communications
    Health Services
    Emergency Services
    Food & Agriculture

    However, if you look under Section 19 (2), you’ll see that a Registered Computing Practitioner may work on CNII projects provided he/she does so under the supervision of a Registered Computing PROFESSIONAL and it is the Registered Computing Professional who is subject sub-section 19 (3) and most of the of penalties, so if there’s anyone who’s going to take the rap it will be the person who engaged the Registered Computing Practitioner.

    “A Registered Computing Professional may only provide
    Computing Services in the disciplines or specialisations of Computing he is qualified to practise and as is shown in the Register under subsection 12(2).”

    That only applies to the Registered Computing Professional and not the Practitioner.

    Also, note the penalties for fraud, corruption, etc. The Pakatan should love these penalties, if they are conscientiously implemented.

    A Registered Computing Practitioner is equivalent to a Graduate Engineer registered with the Board of Engineers Malaysia (BEM) and getting that is basically a formality, much like applying for a job, which sometimes can be a worse hassle.

    I’m registered with the Board of Engineers as a Graduate Engineer (Electronics) in 1980, shortly after graduation. If I recall right, all I needed to do was to fill in a form, show my degree or a certified copy thereof and perhaps a course transcript from my university.

    On the other hand, a Registered Computing Professional is equivalent to a Professional Engineer registered with the BEM and getting that requires about four years of relevant work experience under the mentorship of Professional
    Engineer, plus records of relevant continuing professional education, the taking of an exam in engineering ethics and an interview before the board of peers.That’s more like reading for a degree.

    I never went further to become a Professional Engineer since most of the work I did was not related to any major project and moreover, I did not have the opportunity to work under a Professional Engineer.

    In fact, there are many electronic engineering graduates who have not registered as Graduate Engineers with the BEM and have no incentive to do so, unlike civil, mechanical and electrical engineers who can earn much more
    by undertaking projects, sign papers, plans, reports, etc.

    My friend’s late father, an professional electrical engineer, could charge RM2,000 in the early 1990s just for putting his chop and signature on an engineering drawing but he was also liable if anything went wrong.

    Likewise, there are many law graduates who work as legal advisors, etc without having to be called to the bar – i.e. become barristers, who must obtain a Certificate of Legal Practice after a period of supervised legal work – i.e. chambering, under another barrister.

    In the medical profession there are medical graduates who work as housemen/interns under a registered medical practitioner for a year before they themselves can be registered. That’s why you’ll find most housemen working in hospitals.

    Also, this is just a draft proposal which is still open to discussion and objection, so it would be far better IT people to use the opportunity while it’s there to voice their objections and doubts with MOSTI.

    So what’s the big deal?

  5. KSC

    I feel there is bad faith all round. MOSTI was absent and yet they will provide the eventual “administration” & governance. PIKOM looks after the IT Vendors, not IT professionals. The so called Academics are still in a glass tower. They are after all responsible for churning out those unemployable IT graduates.

    The panel also suggests 2 conflicting objectives. Protection of critical services vs improving standards. The mess in current IT projects is not a reflection of quality of IT professionals but the way projects are conceived, justified, specified, awarded and managed.

  6. Charles:The big deal is that it is being made by people who are totally clueless about the actual practise of IT(as opposed to academics).

    …” there is nothing in it which is very different from conditions governing engineers, doctors, lawyers, etc.” That is exactly the problem. IT is very different from say profession of doctors. The very essence of IT is that it thrives on permissionless innovation as opposed to doctors who belong to a fundamentally conservative profession. Their modus operandi is totally different, and the Bill not being any different is exactly the problem.

    • Charles F Moreira

      Registration is not compulsory unless one works on CNII projects.

      There is nothing to prevent developers doing innovation in a lab or a non-production computer system.

      Only when the innovation has been extensively tested and proven is it released to be applied to production systems.

      This is how it is done by all responsible companies, even if the innovation is not for CNII related use, well hopefully.

      The problem might be that the scope defined by the proposed bill is too general and rather sparse, leaving people to imagine all sorts of horrible things. Let’s see the details of how this will be implemented by the proposed board if it’s set up.

  7. Hafeez N.

    This is very sad. The bill is still very ambiguous. What if one person is not IT grad,or from engineering grad that applies IT technology in his/her career?Don’t we have a lot of technology certificates that are much proven such as Microsoft Cert, CCNA,SAP cert?Why must gov. add more layer of ridiculous step. I still don’t get it the objectives,it gives ppl like me little less of freedom to do what i loved the most.

    Sad country, sad governance.

    • Charles F Moreira

      Those are all vendor-driven certifications. Don’t you want a certification which is Malaysian?

      Agreed that the scope is currently vague but hopefully the proposed board will provide a means for even self-taught programmers without any certification to register, firstly as Registered Computing Practitioners and later as Registered Computing professionals.

      Rather than complain here, this is the time to raise these questions with the parties behind the proposed Bill and Board.

  8. docomo

    Charles F Moreira has been going around spreading disinformation and rubbishing other people’s more learned dissection of the bill.

    Stop being an apologist for the government when you barely worked in the IT field or at all!

  9. I see you don’t monetize your site, don’t waste your traffic, you can earn additional cash every
    month because you’ve got high quality content.
    If you want to know how to make extra money, search for: Mertiso’s tips best adsense alternative

Leave a Reply