The protection of personal records and commercially sensitive information is critical within any organisation. Most SMEs underestimate their risk level for cyber-attacks. While SMEs are the majority of businesses in Europe and great drivers of innovation, they are too often unprepared to deal with cyber threats.

In the framework of the EU-funded actions for support to SMEs in standardisation by Small Business Standards (SBS), the European DIGITAL SME Alliance (DIGITAL SME) published an SME Guide for the implementation of ISO/IEC 27001 on information security management.

ISO/IEC 27001 is the international standard for companies that need a robust approach to managing information security and building resilience. With its Guide, DIGITAL SME wants to help SMEs better understand ISO/IEC 27001 and assist them in its concrete implementation.

“We are proud to have led this initiative that will be beneficial to all SMEs relying on technological assets” – said Mr Oliver Grün, President of DIGITAL SME – “and we will do our best this year to further promote our Guide and the use of standards among the SME community in Europe”.

The SME Guide for the implementation of ISO/IEC 27001 was developed by information security experts appointed by recognised SME and cyber-security trade associations of various European countries. Mr Fabio Guasconi of the Italian association CLUSIT chaired a group of 12 experts from seven countries: “SMEs usually think that they do not handle any information that is worth stealing.” – he said. – “On the contrary, small businesses are often part of complex value chains and their fragile IT security is a great threat to larger eco-systems.”.

On the basis of ISO/IEC 27001 content, the Guide describes a series of practical activities that can significantly help with establishing or raising information security levels within an SME. Workshops and dedicated training sessions will be made available by SBS and DIGITAL SME during 2018 in order to present the Guide to SMEs and interested users.

Download here the SME Guide for the implementation of ISO/IEC 27001 on information security management.