New SME Guide based on ISO/IEC 27002 standard: Essential controls for SMEs to protect user’s privacy and data and ensure GDPR compliance

April 7, 2022

|In News, Standards, Cybersecurity and Privacy, Digitalisation

Cyber-attacks continue to rise with ever more data breaches and crippling cybersecurity failures. Yet, measures to safeguard one’s digital assets are becoming more complex and expensive for SMEs to enforce.
To address the situation, DIGITAL SME has developed the SBS SME Guide on Information Security Controls to help SMEs reach the essential level of protection via the implementation of cybersecurity standards.
Out of the 114 controls presented in the ISO/ICE 27002 standard, the guide presents 16 essential controls that SMEs need to implement to provide adequate protection for their digital assets.

With cyber-attacks becoming more prevalent, there is an increasing need to protect SMES’ existence and strengthen their resilience. As cyber-attacks become more sophisticated, requirements for protecting an enterprise’s assets, including personal information, are getting more complex. SMEs suffer the most damage after a cyber-attack, and their chances of recovery and business continuity are smaller than big companies. SMEs are also asked to implement similar protection measures which are costly. Their inability to be compliant with costly requirements puts them in jeopardy and decreases their chances of recovery. This “one-size-fits-all” approach does not help SMEs!

To raise awareness and help SMEs be better protected, a group of Small Business Standards (SBS) and DIGITAL SME experts have developed an SBS guide on implementing security controls, which is based on the ISO/IEC 27002 standard, while also addressing other standards. The experts have selected 16 out 114 controls that shall provide essential protection for an SME and ensure GDPR compliance[1]. The controls cover four main categories:

Personal
Organisational
Partially Organisational/Technical
Technical (ICT related)

In addition to raising awareness of cybersecurity, this implementation guide aims to contribute to the ongoing efforts to upgrade the digital intensity of SMEs. Cybersecurity SMEs can use this guide to tailor solutions for non-ICT SMEs and strengthen their security requirements, while upgrading their level of digital capabilities. SBS has also published an SME Guide in Information Security Management, based on ISO/IEC 27001 standard. Together, the two guides can help SMEs to implement comprehensive cybersecurity requirements.

Download the SBS SME Guide on Information Security Controls here.

[1] It is advisable to always check the text of GDPR to ensure full compliance

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

News & Events

New SME Guide based on ISO/IEC 27002 standard: Essential controls for SMEs to protect user’s privacy and data and ensure GDPR compliance

Cyber-attacks continue to rise with ever more data breaches and crippling cybersecurity failures. Yet, measures to safeguard one’s digital assets are becoming more complex and expensive for SMEs to enforce.

To address the situation, DIGITAL SME has developed the SBS SME Guide on Information Security Controls to help SMEs reach the essential level of protection via the implementation of cybersecurity standards.

Out of the 114 controls presented in the ISO/ICE 27002 standard, the guide presents 16 essential controls that SMEs need to implement to provide adequate protection for their digital assets.

Create an account

Log in