TAM-TOE Framework for ISO 27037 Adoption in Malaysian Forensic Agencies

on


Table of Contents

  1. Introduction

  2. Understanding the Context: Why ISO 27037 Matters

  3. The Research Gap

  4. An Integrated TAM-TOE Framework: A Novel Contribution

  5. Research Methodology

  6. Key Findings and Insights

  7. Policy Implications

  8. Broader Significance

  9. Conclusion

Introduction

In today's increasingly digitized world, cybersecurity and digital forensics have emerged as vital pillars of national security and justice systems. The ISO/IEC 27037 standard, which provides guidelines for the identification, collection, acquisition, and preservation of digital evidence, plays a crucial role in ensuring the integrity and admissibility of electronic evidence. However, while the private sector in developed countries has embraced this standard, its adoption within government agencies of emerging economies remains poorly understood.

This gap in implementation is particularly pressing in Malaysia, where government digital forensic units are navigating complex technological, organizational, and environmental challenges. A new study bridges this gap by proposing an innovative TAM-TOE Framework to understand and facilitate ISO 27037 adoption in the Malaysian public sector. This research offers both theoretical contributions and practical insights, positioning itself as a timely and impactful contribution to the field of digital forensics and cybersecurity governance.

🌐 Nominations Open for the International Forensic Scientist Awards!
Recognize excellence in digital forensics and cybersecurity research.
👉 Submit your nomination today!

Understanding the Context: Why ISO 27037 Matters

ISO 27037 provides a formalized approach for handling digital evidence to ensure it remains forensically sound, legally defensible, and trustworthy in court. Despite its importance, adoption in developing nations lags due to institutional limitations, budgetary constraints, and skill gaps.

In Malaysia, digital forensics professionals within government departments face these challenges daily. Without formal adoption of ISO 27037, the risk of mishandled evidence, inconsistent procedures, and compromised legal outcomes rises considerably. The urgency of standardizing practices in public sector forensic units cannot be overstated.

The Research Gap

Most existing research on ISO 27037 adoption has focused on private-sector firms in developed nations. These studies often overlook the unique governance, funding, and workforce realities that public agencies face in developing contexts.

To address this imbalance, the study proposes a comprehensive adoption model tailored to the Malaysian government sector, combining two robust theoretical lenses:

  • Technology Acceptance Model (TAM): Focuses on how individual perceptions—such as perceived usefulness, ease of use, and behavioral intention—drive technology acceptance.

  • Technology-Organization-Environment (TOE) Framework: Highlights the organizational, technological, and external factors influencing technology adoption.

An Integrated TAM-TOE Framework: A Novel Contribution

The innovation of this research lies in the integration of TAM and TOE frameworks to form a unified, empirically tested model. Most notably, the model introduces “organizational readiness” as a second-order construct, composed of six critical dimensions:

  1. Digital Forensic Readiness: Availability of forensic policies and systems.

  2. Resource Availability: Funding, tools, and skilled human resources.

  3. Governance Structures: Internal management and policy alignment.

  4. Compliance Culture: Organizational attitude toward regulation.

  5. Leadership Support: Top-down commitment to digital forensics.

  6. Institutional Trust: Public and inter-agency confidence in forensic work.

By mapping these organizational elements onto the individual and technological perspectives provided by TAM and TOE, the study presents a multifaceted view of ISO 27037 adoption.

Research Methodology

The study employed a quantitative survey targeting digital forensic professionals in various Malaysian government agencies. Data were analyzed using Partial Least Squares Structural Equation Modeling (PLS-SEM), enabling complex, multivariate analysis to evaluate the relationships between individual, organizational, and environmental factors.

Key constructs measured include:

  • Perceived Ease of Use

  • Perceived Usefulness

  • Behavioral Intention to Adopt

  • Technological Compatibility

  • Organizational Readiness

  • Regulatory Environment

Key Findings and Insights

  1. Individual Motivation Matters—but Only to a Point
    While perceived usefulness and ease of use significantly influence behavioral intention, they are not sufficient on their own. Without organizational support, these intentions seldom translate into real-world implementation.

  2. Organizational Readiness is Pivotal
    The six-dimensional model of organizational readiness emerged as the strongest predictor of successful ISO 27037 adoption. Agencies with better internal governance, leadership, and resources are far more likely to implement and institutionalize the standard.

  3. Environment and Regulation Also Play Roles
    The study found that the external environment—including regulatory pressures and inter-agency collaboration norms—affects both organizational readiness and adoption likelihood.

  4. A Mediating Role of Organizational Readiness
    Organizational readiness acts as a bridge between individual cognitive factors and actual implementation behavior. This finding emphasizes that top-down institutional investment must accompany bottom-up employee enthusiasm for meaningful change.

Policy Implications

The findings offer several practical takeaways for Malaysian policymakers and digital forensic practitioners:

  • Invest in Training and Awareness Programs: Encourage understanding of ISO 27037 at all levels of government.

  • Strengthen Organizational Capacity: Allocate resources and leadership attention to building organizational readiness.

  • Foster Inter-Agency Trust: Collaboration between law enforcement, judiciary, and cybersecurity bodies is crucial.

  • Implement Regulatory Mandates: External enforcement can accelerate adoption where voluntary uptake lags.

Broader Significance

Beyond Malaysia, this integrated TAM-TOE model can be adapted to other emerging economies facing similar challenges in standardizing digital forensics. Whether in Southeast Asia, Africa, or Latin America, public-sector digital forensic agencies can benefit from a model that appreciates both the human and institutional dimensions of ISO 27037 adoption.

Conclusion

This study provides a compelling argument for why both individual motivation and organizational capacity are necessary for successful adoption of international forensic standards in developing country contexts. The integrated TAM-TOE framework offers a scalable, evidence-based model that can guide implementation strategies in government agencies worldwide.

By showcasing the Malaysian experience, this research contributes meaningfully to the global discourse on digital forensic capability building, especially in regions where such institutional frameworks are still evolving.

🔗 Learn more and apply at:

https://forensicscientist.org/

Nominations Open Now: Click here

–––––––––––––––––––––––––––––––––––––

Get Connected Here:

You Tube – Watch on YouTube

Twitter: https://x.com/AwardForensic

Instagram:  Follow on Instagram

WhatsApp Channel: Follow on WhatsApp

Comments

Post a Comment