Cybersecurity guidelines for SMEs (2022)

This guide for SMEs builds on ISO/IEC 27002 and presents the basic controls SMEs need to protect users’ privacy and data, ensure compliance with the GDPR, and achieve the baseline level of protection by implementing cybersecurity standards.

Out of the 114 checks listed in ISO/IEC 27002, the guide lists 16 core checks that SMEs need to put in place to ensure that their digital assets are adequately protected.

The controls cover four main categories:

  • Personal
  • Organisational
  • Partly organisational/technical
  • Technical (ICT related)

In addition to raising awareness about cybersecurity, this implementation guide is intended to contribute to the ongoing efforts to modernise the digital intensity of SMEs. Cybersecurity SMEs can use this handbook to adapt solutions for non-ICT-related SMEs and strengthen their security requirements while increasing the level of digital capabilities.