{"id":"https://openalex.org/W7140193604","doi":"https://doi.org/10.1016/j.procs.2026.02.452","title":"ISO/IEC 27001:2022 in a Biotech SME: Open-Source Innovation Case Study in Taiwan","display_name":"ISO/IEC 27001:2022 in a Biotech SME: Open-Source Innovation Case Study in Taiwan","publication_year":2026,"publication_date":"2026-01-01","ids":{"openalex":"https://openalex.org/W7140193604","doi":"https://doi.org/10.1016/j.procs.2026.02.452"},"language":"en","primary_location":{"id":"doi:10.1016/j.procs.2026.02.452","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.procs.2026.02.452","pdf_url":null,"source":{"id":"https://openalex.org/S120348307","display_name":"Procedia Computer Science","issn_l":"1877-0509","issn":["1877-0509"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Procedia Computer Science","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://doi.org/10.1016/j.procs.2026.02.452","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Jung-Hsiung Huang","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Jung-Hsiung Huang","raw_affiliation_strings":["Department of Applied Mathematics, National Chung Hsing University, Taichung 402, Taiwan","OBI Pharma, Inc., Taipei 115, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Applied Mathematics, National Chung Hsing University, Taichung 402, Taiwan","institution_ids":[]},{"raw_affiliation_string":"OBI Pharma, Inc., Taipei 115, Taiwan","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Kuen-Tsann Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kuen-Tsann Chen","raw_affiliation_strings":["Department of Applied Mathematics, National Chung Hsing University, Taichung 402, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Applied Mathematics, National Chung Hsing University, Taichung 402, Taiwan","institution_ids":[]}]},{"author_position":"last","author":{"id":null,"display_name":"Tseng-Chang Yen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tseng-Chang Yen","raw_affiliation_strings":["Department of Applied Mathematics, National Chung Hsing University, Taichung 402, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Applied Mathematics, National Chung Hsing University, Taichung 402, Taiwan","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.67785007,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"278","issue":null,"first_page":"175","last_page":"183"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.42739999294281006,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.42739999294281006,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13280","display_name":"Biomedical and Engineering Education","score":0.02590000070631504,"subfield":{"id":"https://openalex.org/subfields/2204","display_name":"Biomedical Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12486","display_name":"Food Supply Chain Traceability","score":0.02370000071823597,"subfield":{"id":"https://openalex.org/subfields/1106","display_name":"Food Science"},"field":{"id":"https://openalex.org/fields/11","display_name":"Agricultural and Biological Sciences"},"domain":{"id":"https://openalex.org/domains/1","display_name":"Life Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.6722999811172485},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.5906999707221985},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.49129998683929443},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4880000054836273},{"id":"https://openalex.org/keywords/information-security-management-system","display_name":"Information security management system","score":0.4481000006198883},{"id":"https://openalex.org/keywords/enterprise-resource-planning","display_name":"Enterprise resource planning","score":0.3571000099182129},{"id":"https://openalex.org/keywords/information-technology","display_name":"Information technology","score":0.34389999508857727},{"id":"https://openalex.org/keywords/compliance","display_name":"Compliance (psychology)","score":0.3337000012397766},{"id":"https://openalex.org/keywords/internal-control","display_name":"Internal control","score":0.3328000009059906}],"concepts":[{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.6722999811172485},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.5906999707221985},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4952000081539154},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.49129998683929443},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4880000054836273},{"id":"https://openalex.org/C111153917","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management system","level":5,"score":0.4481000006198883},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.4462999999523163},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.3986000120639801},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.36820000410079956},{"id":"https://openalex.org/C2777960535","wikidata":"https://www.wikidata.org/wiki/Q131508","display_name":"Enterprise resource planning","level":2,"score":0.3571000099182129},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3467000126838684},{"id":"https://openalex.org/C121017731","wikidata":"https://www.wikidata.org/wiki/Q11661","display_name":"Information technology","level":2,"score":0.34389999508857727},{"id":"https://openalex.org/C2781460075","wikidata":"https://www.wikidata.org/wiki/Q1399332","display_name":"Compliance (psychology)","level":2,"score":0.3337000012397766},{"id":"https://openalex.org/C199450454","wikidata":"https://www.wikidata.org/wiki/Q1667931","display_name":"Internal control","level":3,"score":0.3328000009059906},{"id":"https://openalex.org/C2909264111","wikidata":"https://www.wikidata.org/wiki/Q740419","display_name":"Financial Audit","level":3,"score":0.3077999949455261},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.30320000648498535},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.29010000824928284},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.28610000014305115},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.2808000147342682},{"id":"https://openalex.org/C177309310","wikidata":"https://www.wikidata.org/wiki/Q758917","display_name":"Information technology audit","level":5,"score":0.27300000190734863},{"id":"https://openalex.org/C48243021","wikidata":"https://www.wikidata.org/wiki/Q932522","display_name":"Strategic planning","level":2,"score":0.26649999618530273},{"id":"https://openalex.org/C2778348673","wikidata":"https://www.wikidata.org/wiki/Q739302","display_name":"Production (economics)","level":2,"score":0.26460000872612},{"id":"https://openalex.org/C169537543","wikidata":"https://www.wikidata.org/wiki/Q1056312","display_name":"Certified Information Systems Security Professional","level":5,"score":0.2637999951839447},{"id":"https://openalex.org/C170856484","wikidata":"https://www.wikidata.org/wiki/Q6452684","display_name":"Internal audit","level":3,"score":0.26350000500679016},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.25780001282691956},{"id":"https://openalex.org/C2778820799","wikidata":"https://www.wikidata.org/wiki/Q3454688","display_name":"Cost reduction","level":2,"score":0.2547999918460846},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.2540999948978424},{"id":"https://openalex.org/C86275758","wikidata":"https://www.wikidata.org/wiki/Q376657","display_name":"Strategic management","level":2,"score":0.2531999945640564},{"id":"https://openalex.org/C2987537975","wikidata":"https://www.wikidata.org/wiki/Q622439","display_name":"Small to medium enterprises","level":2,"score":0.25290000438690186},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.25279998779296875},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.2522999942302704}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1016/j.procs.2026.02.452","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.procs.2026.02.452","pdf_url":null,"source":{"id":"https://openalex.org/S120348307","display_name":"Procedia Computer Science","issn_l":"1877-0509","issn":["1877-0509"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Procedia Computer Science","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1016/j.procs.2026.02.452","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.procs.2026.02.452","pdf_url":null,"source":{"id":"https://openalex.org/S120348307","display_name":"Procedia Computer Science","issn_l":"1877-0509","issn":["1877-0509"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Procedia Computer Science","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.6244718432426453}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W3023101591","https://openalex.org/W3106639317","https://openalex.org/W3143257057","https://openalex.org/W3158069738","https://openalex.org/W3184606407","https://openalex.org/W3206240855","https://openalex.org/W4285982397","https://openalex.org/W4293152942","https://openalex.org/W4315497982","https://openalex.org/W4353004220","https://openalex.org/W4367187667","https://openalex.org/W4385812519","https://openalex.org/W4390765497","https://openalex.org/W4393279281"],"related_works":[],"abstract_inverted_index":{"This":[0,86],"study":[1],"explores":[2],"the":[3,35,52,132],"implementation":[4,77],"of":[5,146],"ISO/IEC":[6,26],"27001:2022":[7],"in":[8,17,29,58,64,72,154],"a":[9,22,55,61,69,92,108],"resource-constrained":[10],"biotech":[11],"small":[12],"and":[13,32,50,68,97,104,128],"medium":[14],"enterprise":[15],"(SME)":[16],"Taiwan.":[18],"The":[19,75,140],"company":[20,53],"adopted":[21],"phased":[23],"approach,":[24],"achieving":[25],"27001:2013":[27],"certification":[28],"April":[30,39],"2023":[31],"transitioning":[33],"to":[34,114,137],"2022":[36],"standard":[37],"by":[38,91],"2025.":[40],"By":[41],"leveraging":[42],"open-source":[43,147],"tools":[44,148],"for":[45,111,134],"security":[46,59],"monitoring,":[47],"log":[48],"management,":[49],"training,":[51],"achieved":[54],"31%":[56],"reduction":[57],"incidents,":[60],"40%":[62],"improvement":[63],"employee":[65],"cybersecurity":[66],"awareness,":[67],"10-point":[70],"increase":[71],"customer":[73],"satisfaction.":[74],"total":[76],"cost":[78],"was":[79],"approximately":[80],"35%":[81],"below":[82],"typical":[83],"industry":[84],"benchmarks.":[85],"mixed-methods":[87],"case":[88],"study,":[89],"guided":[90],"control":[93],"classification":[94],"framework":[95],"(ACT\u2013TRG\u2013SCP)":[96],"interpreted":[98],"through":[99],"threat":[100],"response,":[101],"technology":[102],"adoption,":[103],"institutional":[105],"theories,":[106],"provides":[107],"replicable":[109],"roadmap":[110],"resource-limited":[112],"SMEs":[113],"strengthen":[115],"their":[116],"Information":[117],"Security":[118],"Management":[119],"System":[120],"(ISMS).":[121],"Limitations":[122],"include":[123],"reliance":[124],"on":[125],"internal":[126],"auditing":[127],"biotech-specific":[129],"applicability,":[130],"suggesting":[131],"need":[133],"cross-industry":[135],"research":[136],"enhance":[138],"generalizability.":[139],"findings":[141],"demonstrate":[142],"that":[143],"strategic":[144],"use":[145],"can":[149],"enable":[150],"robust":[151],"ISMS":[152],"compliance":[153],"high-stakes":[155],"sectors.":[156]},"counts_by_year":[],"updated_date":"2026-04-25T08:17:42.794288","created_date":"2026-03-25T00:00:00"}