Implementation of the ISO 27001:2013 standard in an academic library: case of Meru University of Science and Technology

Abstract

Academic libraries are often considered the ‘heart’ of academic institutions.  They are charged with provision of a range of resources, services, tools and software that are increasingly made available online.   With information as the key resource under its responsibility, information security is a pertinent component to assure its confidentiality, integrity and availability.   This paper describes the process of implementing the ISO 27001:2013 Information Security Standard for the library system of Meru University of Science and Technology. Theoretical models in information security in the library are examined.  Next, details of the approach undertaken in meeting the requirements of the standard are discussed.  The benefits gained and challenges that were faced are presented  The lessons gained herein will assist similar institutions seeking to get certified using this standard.