Implementing international standards for Information Security Management in China and Europe: a comparative multi-case study
The leading international standards for information security management, ISO/IEC 27001 and ISO/IEC 27002 originate from the UK, but are applied worldwide. This paper explores whether the processes of selection, implementation and use of these interrelated standards differ between China and Europe by studying cases of Chinese and European companies. Chinese companies face some additional problems with the standards but manage to get them successfully implemented in a short period of time. Main differences relate to governance and management of standard adoption. This study is innovative in the method used for standardisation research (comparative multi-case study), and the topic: implementation and impact of information security management standards.