Integrating individual and organizational perspectives: A TAM-TOE framework for ISO 27037 adoption in Malaysian government digital forensics agencies

Abstract

The adoption of ISO 27037, the international standard for digital evidence handling, remains poorly understood in emerging economy government contexts despite its critical importance for cybersecurity and judicial integrity. Existing literature predominantly examines private-sector implementations in developed economies, neglecting the unique institutional and resource constraints faced by public agencies in developing nations. This study addresses this gap by investigating ISO 27037 adoption among Malaysian government digital forensics professionals through an innovative integration of the Technology Acceptance Model (TAM) and Technology-Organization-Environment (TOE) framework. The research develops a comprehensive theoretical model combining individual cognitive factors (training, perceived ease of use, perceived usefulness, and behavioral intention) with organizational, technological and environmental determinants. A key innovation is conceptualizing organizational readiness as a second-order construct comprising six dimensions: digital forensic readiness, resource availability, governance structures, compliance culture, leadership support, and institutional trust. Using quantitative survey methodology and Partial Least Squares Structural Equation Modeling (PLS-SEM), the study examines how individual cognitive factors influence adoption, the relative importance of organizational versus technological and environmental factors, and the pathway from individual acceptance through organizational readiness to actual implementation behaviors. Results demonstrate the complementary roles of TAM and TOE frameworks, with organizational readiness serving as a critical mediating mechanism between individual acceptance and implementation outcomes. The findings provide both theoretical advancement and practical insights for policymakers and practitioners, offering evidence-based guidance for developing targeted implementation strategies that address both individual acceptance factors and organizational capacity constraints. The research contributes to strengthening digital forensics capabilities in Malaysia's evolving cybersecurity landscape while providing a framework applicable to similar emerging economy contexts.