Implementation of ISO 27001 in Saudi Arabia – obstacles, motivations, outcomes, and lessons learned

Protecting information assets is very vital to the core survival of an organization. With the increase in cyberattacks and viruses worldwide, it has become essential for organizations to adopt innovative and rigorous procedures to keep these vital assets out of the reach of exploiters. Although complying with an international information security standard such as ISO 27001 has been on the rise worldwide, with over 7000 registered certificates, few companies in Saudi Arabia are ISO 27001 certified. In this paper, we explore the motives, obstacles, challenges, and outcomes for a Saudi organization during their implementation of ISO 27001, with the goal of shedding some light on the reason behind the low adoption of the ISO 27001 certification standard in the region of study. While customer satisfaction and good partner relationships are essential for an organization’s survival, strikingly, none of the organizations interviewed indicated that their goals included meeting consumer requirements or a partner’s mandates