New Management Standard for Digital Data Protection Using A PDCA Model Anchored to ISO/IEC 27001 and R.A. 10173

Abstract

ICT security has proven to be important in any organization in dealing with digital data. In implementing data protection, there are several challenges that an organization may encounter such as employee’s lack of awareness and education, cybersecurity threats, data breaches, lack of technical infrastructure, and limited resources. To combat internal security threats and encourage employees' security habits every agency, in the different sectors of the government must practice and promote data protection awareness against cybercrimes. To improve the security posture of every public or private organization in the Philippines. This study looked at a newly suggested security management standard that offers a thorough framework for detecting and evaluating risks to ICT (information and communication technology) systems and applications. The proposed standard strongly emphasizes the necessity of ongoing security control monitoring and assessment, frequent recovery plan testing and evaluation, and compliance with the PDCA Model anchored to the ISO/IEC 27001 standard and the Data Privacy Act of 2012. The study examined the suggested standard's main aspects and potential business advantages, including security, compliance, and stakeholder coordination and communication as well as emphasized the difficulties in implementing the suggested standard, including the requirement for significant resources and knowledge. The proposed standard also provides a common language for communication and collaboration among stakeholders, including I.T. staff, business leaders, and external partners. This can help promote a security culture and ensure everyone in the organization works together towards a common goal.