While ISO elucidate security risks based on the organizations exposure the GDPR focuses on the impact of privacy breaches on the data subject. Building inter-organizational trust by implementing information security management system: ISMS is set of processes, documentation, activities and resources that together secure assets within information security management system thesis organisation.

Thesiis same problem is faced in the cyber security field, where threat level increases from the changes outside organisational boundaries. This study used narrative literature review to find supporting and resisting elements of inter-organisational trust that can consider in ISMS.

The business interaction between supply chain participants is enabled by building information security management system thesis trust first.

Jultika University of Oulu repository. This study provided ways to build this inter-organisational trust by considering steps to take in information security management system ISMS implementation. Commercial informatiom is prohibited. Managejent modification would be required to the scope document, risk document and statement of applicability to map towards records of processing and data informztion impact assessment.

Secondly, this has also an impact on how the security and data protection controls have to be selected.

Jokaisen toimitusketjuun osallistuvan on suojauduttava. It must be assembled to support strategic business goals and comply selected requirement criteria.


It was therefore concluded that while a management system is important a dedicated data protection management system DPMS needs to be built. While this implies that some extra efforts are necessary the good part of this finding information security management system thesis that synergies in the control framework can be found. We can conclude that while ISO provides a solid base complementary controls are necessary.

This means that a complementary governance organization is needed.

Instead, information security management system thesis is a good starting point for trust building. Semantic inconsistencies in controls: You may download, display and print it for your own personal use. Data sharing and data export: Inter-organisational trust is increasingly important among supply chain participants, where threats are building up from sources out of organisational control.

An information security management system must be enhanced towards a data protection management system.

The need for a data protection management system

Each value chain participating mabagement the supply chain must be secured. While some controls achieved full compliance a number of gaps with only partial compliance where identified.

Impact on data subject versus organizational security risks: Data protection by design and default: This area has, not surprisingly, the most significant gap and extra efforts are needed. Another important difference according to the thesis is the approach to information security management system thesis risk exposure.


This publication is copyrighted. The multidisciplinary phenomenon of information security coupled with inter-organisational trust requires more attention from the research community.

Halonen, Theeis Karjalainen, Mari.

The need for a data protection management system – Atea

Specifically, the security controls stipulated in ISO can be partially matched on a headline level to the GDPR controls but are different in their meaning execution. An identified consequence is that the workshops to information security management system thesis issues and quantify them has to be performed in a different way.

Building inter-organizational trust by implementin