⚠ Official Notice: www.ijisrt.com is the official website of the International Journal of Innovative Science and Research Technology (IJISRT) Journal for research paper submission and publication. Please beware of fake or duplicate websites using the IJISRT name.



Adoption of ISO/IEC 27001 in Mozambique: Challenges, Opportunities, and Implications for Information Security Governance


Authors : Julião Artur Francisco Mussa

Volume/Issue : Volume 11 - 2026, Issue 6 - June


Google Scholar : https://tinyurl.com/ytxvmk6s

Scribd : https://tinyurl.com/2rutbje5

DOI : https://doi.org/10.38124/ijisrt/26jun1208

Note : A published paper may take 4-5 working days from the publication date to appear in PlumX Metrics, Semantic Scholar, and ResearchGate.


Abstract : The increasing digitalization of economic and social activities has intensified the importance of information security as a strategic component of organizational governance and digital resilience. In this context, ISO/IEC 27001 has emerged as the leading international standard for implementing Information Security Management Systems (ISMS), supporting organizations in managing cybersecurity risks, enhancing regulatory compliance, and strengthening digital trust. Despite its global relevance, limited research has examined the factors influencing ISO/IEC 27001 adoption in developing countries, particularly within the Mozambican context. This study analyzes the challenges, opportunities, and implications associated with the adoption of ISO/IEC 27001 in Mozambique. An integrative literature review and documentary analysis were conducted, drawing upon scientific publications, institutional reports, regulatory frameworks, and policy documents. The analysis was guided by the Technology–Organization–Environment (TOE) framework and the Technology Acceptance Model (TAM), enabling the examination of technological, organizational, environmental, and behavioral determinants of adoption. The findings indicate that ISO/IEC 27001 adoption is influenced by a combination of factors, including technological infrastructure, organizational capabilities, financial resources, regulatory conditions, management commitment, and stakeholders’ perceptions of usefulness and implementation complexity. Key barriers include the shortage of qualified cybersecurity professionals, implementation and certification costs, infrastructural limitations, and low levels of cybersecurity maturity. Conversely, significant opportunities were identified, including enhanced digital trust, improved regulatory compliance, stronger risk management practices, increased organizational competitiveness, and greater resilience against cyber threats. The study concludes that ISO/IEC 27001 represents a strategic instrument for strengthening information security governance in Mozambique. The findings contribute to the literature on information security governance and technology adoption by integrating the TOE and TAM frameworks within a developing-country context. Practical recommendations are provided for organizations, policymakers, and regulatory institutions seeking to foster cybersecurity maturity and sustainable digital transformation.

Keywords : ISO/IEC 27001; Information Security Governance; Information Security Management Systems (ISMS); Cybersecurity; Technology–Organization–Environment (TOE); Technology Acceptance Model (TAM); Digital Transformation; Mozambique.

References :

  1. INTIC. (2025). Segurança dos dados em Moçambique na transformação digital e computação em nuvem: Uma abordagem estratégica. Disponível em: https://intic.gov.mz/seguranca-dos-dados-em-mocambique-na-transformacao-digital-e-computacao-em-nuvem-uma-abordagem-estrategica/
  2. Barros, M. J. Z., & Van Niekerk, B. (2023). Cybersecurity in Mozambique: Status and Challenges. European Conference on Information Warfare and Security.
  3. ISO. (s.d.). ISO/IEC 27000 family - Information security management systems. Disponível em: https://www.iso.org/isoiec-27001-information-security.html
  4. Linford & Co. (2025). What is ISO? Understanding International Security Standards. Disponível em: https://linfordco.com/blog/what-is-the-iso/
  5. Kitsios, F. (2023). The ISO/IEC 27001 Information Security Management Standard to Ensure Compliance. MDPI.
  6. SGS. (s.d.). Certificação ISO/IEC 27001 - Segurança da Informação. Disponível em: https://www.sgs.com/pt-mz/servicos/certificacao-iso-iec-27001-seguranca-da-informacao-ciberseguranca-e-protecao-da-privacidade
  7. ISO. (s.d.). The impact of ISO/IEC 27001 certification on digital trade. Disponível em: https://www.iso.org/files/live/sites/isoorg/files/store/en/PUB100505.pdf
  8. Tjirare, D. J. (2018). Designing a national adoption policy framework for ISO/IEC 27000 standards implementation in Namibia. NUST Repository.
  9. Ramtohul, A., & Soyjaudah, K. M. S. (2016). Information security governance for e-services in southern African developing countries e-Government projects. Journal of Science & Technology Policy Management.
  10. Culot, G., & Nassimbeni, G. (s.d.). The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda. ResearchGate.
  11. Ramadhan, N. (s.d.). IEC 27001 Information Security Management Standard to SMEs. DiVA Portal.
  12. Moçambique. (2017). Lei n.º 3/2017, de 9 de Janeiro (Lei das Transações Eletrónicas). Disponível em: https://www.dataguidance.com/sites/default/files/electronic_transactions_law.pdf
  13. PLMJ. (2025). Moçambique: Proposta de Lei de Proteção de Dados Pessoais. Disponível em: https://www.plmj.com/pt/conhecimento/notas-informativas/Mocambique-Proposta-de-Lei-de-Protecao-de-Dados-Pessoais/34166/
  14. INTIC. (s.d.). Governo inicia processo de actualização da Estratégia Nacional de Segurança Cibernética 2026-2030. Disponível em: https://intic.gov.mz/governo-inicia-processo-de-actualizacao-da-estrategia-nacional-de-seguranca-cibernetica-2026-2030/
  15. Academia.edu. (s.d.). SEGURANÇA CIBERNÉTICA: CAPACIDADE DE RESPOSTA À ATAQUES CIBERNÉTICOS A INFRA-ESTRUTURAS CRÍTICAS DE INFORMAÇÃO NO SECTOR DE TELEFONIA MÓVEL EM MOÇAMBIQUE. Disponível em: https://www.academia.edu/116788231/SEGURAN%C3%87A_CIBERN%C3%89TICA_CAPACIDADE_DE_RESPOSTA_%C3%80_ATAQUES_CIBERN%C3%89TICOS_A_INFRA_ESTRUTURAS_CR%C3%8DTICAS_DE_INFORMA%C3%87%C3%83O_NO_SECTOR_DE_TELEFONIA_M%C3%93VEL_EM_MO%C3%87AMBIQUE
  16. ITU. (s.d.). Global Cybersecurity Index. Disponível em: https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx
  17. ISACA. (2024). Navigating the ISO/IEC 27001:2022 Transition: A 90-Day Challenge. Disponível em: https://www.isaca.org/resources/isaca-journal/issues/2024/volume-3/navigating-the-iso-iec-27001-2022-transition-a-90-day-challenge
  18. BSI Group. (s.d.). Transition to the ISO/IEC 27001:2022 standard. Disponível em: https://www.bsigroup.com/en-GB/insights-and-media/insights/blogs/transition-to-the-iso-iec-27001-2022-standard/
  19. DePietro, R., Wiarda, E., & Fleischer, M. (1990). The context for change: Organization, technology and environment. In L. G. Tornatzky & M. Fleischer (Eds.), The processes of technological innovation (pp. 151-175). Lexington Books.
  20. Emergent Mind. (2026). TOE Framework: Tech, Org, Environment. Disponível em: https://www.emergentmind.com/topics/technology-organization-environment-toe-framework
  21. Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3), 319-340.
  22. ScienceDirect. (s.d.). Integrating Individual and Organizational Perspectives: A TAM-TOE Framework for ISO 27037 Adoption in Malaysian Government Digital Forensics Agencies. Disponível em: https://www.sciencedirect.com/science/article/pii/S2199853125001301
  23. Page, M. J., McKenzie, J. E., Bossuyt, P. M., Boutron, I., Hoffmann, T. C., Mulrow, C. D., ... & Moher, D. (2021). The PRISMA 2020 statement: an updated guideline for reporting systematic reviews. BMJ, 372.

The increasing digitalization of economic and social activities has intensified the importance of information security as a strategic component of organizational governance and digital resilience. In this context, ISO/IEC 27001 has emerged as the leading international standard for implementing Information Security Management Systems (ISMS), supporting organizations in managing cybersecurity risks, enhancing regulatory compliance, and strengthening digital trust. Despite its global relevance, limited research has examined the factors influencing ISO/IEC 27001 adoption in developing countries, particularly within the Mozambican context. This study analyzes the challenges, opportunities, and implications associated with the adoption of ISO/IEC 27001 in Mozambique. An integrative literature review and documentary analysis were conducted, drawing upon scientific publications, institutional reports, regulatory frameworks, and policy documents. The analysis was guided by the Technology–Organization–Environment (TOE) framework and the Technology Acceptance Model (TAM), enabling the examination of technological, organizational, environmental, and behavioral determinants of adoption. The findings indicate that ISO/IEC 27001 adoption is influenced by a combination of factors, including technological infrastructure, organizational capabilities, financial resources, regulatory conditions, management commitment, and stakeholders’ perceptions of usefulness and implementation complexity. Key barriers include the shortage of qualified cybersecurity professionals, implementation and certification costs, infrastructural limitations, and low levels of cybersecurity maturity. Conversely, significant opportunities were identified, including enhanced digital trust, improved regulatory compliance, stronger risk management practices, increased organizational competitiveness, and greater resilience against cyber threats. The study concludes that ISO/IEC 27001 represents a strategic instrument for strengthening information security governance in Mozambique. The findings contribute to the literature on information security governance and technology adoption by integrating the TOE and TAM frameworks within a developing-country context. Practical recommendations are provided for organizations, policymakers, and regulatory institutions seeking to foster cybersecurity maturity and sustainable digital transformation.

Keywords : ISO/IEC 27001; Information Security Governance; Information Security Management Systems (ISMS); Cybersecurity; Technology–Organization–Environment (TOE); Technology Acceptance Model (TAM); Digital Transformation; Mozambique.

Paper Submission Last Date
31 - July - 2026

SUBMIT YOUR PAPER CALL FOR PAPERS
Video Explanation for Published paper

Never miss an update from Papermashup

Get notified about the latest tutorials and downloads.

Subscribe by Email

Get alerts directly into your inbox after each post and stay updated.
Subscribe
OR

Subscribe by RSS

Add our RSS to your feedreader to get regular updates from us.
Subscribe