SME guide for the implementation of ISO/IEC 27001 on information security management

In the framework of the EU-funded actions for support to SMEs in standardisation by Small Business Standards (SBS), the European DIGITAL SME Alliance (DIGITAL SME) published an SME Guide for the implementation of ISO/IEC 27001 on information security management. ISO/IEC 27001 is the international standard for companies that need a robust approach to managing information security and building resilience. With its Guide, DIGITAL SME wants to help SMEs better understand ISO/IEC 27001 and assist them in its concrete implementation.

How can this guide be helpful for Small and medium sized enterprises?

  1. SMEs make up the vast majority of businesses in Europe, outnumbering large corporations and employing more people. They are recognised to be a driver for innovation in Europe.
  2. Most SMEs underestimate their risk level for cyber-attacks, in the belief that they do not handle any information worth staelaing.
  3. However, small businesses have a lot of digital assets compared to an individual user and they often have fewer security measures in place than larger organisations.

The SME Guide for the implementation of ISO/IEC 27001 was developed by information security experts appointed by recognised SME and cyber-security trade associations of various European countries. The guide is written for and is applicable to SMEs that rely on technological assets. Its guidelines can be easily implemented by any organisation, whatever their size or complexity.

Based upon ISO/IEC 27001 content, the Guide describes a a wide array of practical activities that can significantly help with establishing or raising information security levels within an SME. Workshops and dedicated training sessions will be made available by SBS and DIGITAL SME throughout 2018 in order to present the Guide to SMEs and interested users.

The guide is freely accessible and downloadable here!


A Holistic framework: Business Process Re-engineering and functional toolkit for GDPR compliance

BPR4GDPR is one of the GDPR cluster projects that will provide a holistic framework able to support end-to-end GDPR-compliant intra- and interorganisational ICT-enabled processes at various scales, while also being generic enough, fulfilling operational requirements covering diverse application domains. Read this to find out more.

Future Events

IAM Online Europe live webinar - AARC Extensions to the REFEDS Assurance Framework

AARC is holding a live webinar on 27 June 2019 at 15:00 CEST, that will explain extensions to the REFEDS Assurance Framework and implementations that were devised in the AARC project.

Representation of the State of Hessen to the EU
04/07/2019 to 05/07/2019

Project CyberSec4Europe (Cyber Security for Europe) is holding it next event - "Representation of the State of Hessen to the EU" in Brussels, Belgium on 4-5 July 2019. 

Other three pilots are invited during CyberSec4Europe meetings.