Implementing ISO/IEC 27001:2022 in a SME : a case study using Cyberday
Nygård, Magdalena (2024)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2024121837317
Abstract
The digital age poses growing threats like data breaches and ransomware, challenging consulting enterprises managing client data. The ISO/IEC 27001:2022 standard offers a globally recognized framework for building an Information Security Management System (ISMS) to enhance data protection, compliance, and customer trust.
This thesis investigates the early implementation of ISO/IEC 27001:2022 in a Finnish IT consulting SME through a qualitative case study. The researcher actively participated in the implementation team, focusing on aligning operations with clauses 4–10 of the standard.
Additionally, the study examines the Cyberday tool's role in streamlining ISO 27001 compliance by automating risk management and document processes, ensuring adherence to GDPR. The findings provide a practical roadmap for SMEs to tackle ISO 27001 implementation and strengthen information security using effective tools.