Maturity assessment of the ISO 27001 information security management system in social welfare and healthcare organisations

The Kyber-Terveys project drew up the instructions below to make it easier to create an information security management system. The instructions are written from the perspective of organisations providing healthcare services in particular, but they can also be used by other organisations.

An important preliminary step in the smooth creation of an information security management system is to assess the differences between the organisation’s current status of information security management and the goal state required by the standard. Every organisation has practices that work well. They should be identified and maintained while creating new practices.

Free to use – under a few conditions

The Kyber-Terveys project published these instructions under a Creative Commons Attribution 4.0 license (CC BY 4.0) (External link). This means that you can use the instructions for whatever purposes you wish, edit it as you wish and distribute it as you wish under the following conditions:

• Attribution – You must give appropriate credit, provide a link to the licence and indicate if you made changes to the content. You may do the aforementioned things in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
• No additional restrictions – You may not apply legal terms or technological measures that legally restrict others from doing anything that is permitted by the licence.