SME guide for the implementation of ISO/IEC 27001 on information security management

In the framework of the EU-funded actions for support to SMEs in standardisation by Small Business Standards (SBS), the European DIGITAL SME Alliance (DIGITAL SME) published an SME Guide for the implementation of ISO/IEC 27001 on information security management. ISO/IEC 27001 is the international standard for companies that need a robust approach to managing information security and building resilience. With its Guide, DIGITAL SME wants to help SMEs better understand ISO/IEC 27001 and assist them in its concrete implementation.

How can this guide be helpful for Small and medium sized enterprises?

1. SMEs make up the vast majority of businesses in Europe, outnumbering large corporations and employing more people. They are recognised to be a driver for innovation in Europe.
2. Most SMEs underestimate their risk level for cyber-attacks, in the belief that they do not handle any information worth staelaing.
3. However, small businesses have a lot of digital assets compared to an individual user and they often have fewer security measures in place than larger organisations.

The SME Guide for the implementation of ISO/IEC 27001 was developed by information security experts appointed by recognised SME and cyber-security trade associations of various European countries. The guide is written for and is applicable to SMEs that rely on technological assets. Its guidelines can be easily implemented by any organisation, whatever their size or complexity.

Based upon ISO/IEC 27001 content, the Guide describes a a wide array of practical activities that can significantly help with establishing or raising information security levels within an SME. Workshops and dedicated training sessions will be made available by SBS and DIGITAL SME throughout 2018 in order to present the Guide to SMEs and interested users.

The guide is freely accessible and downloadable here!