Development of an ISMS Maintenance Tracking System for Security Firms in Nairobi County

Esther Wambui Muchiri
Patrick Kinoti
Joel Charo

Abstract

The increasing reliance on integrated security technologies in Kenya’s private security sector
has intensified the need for effective maintenance of Integrated Security Management
Systems (ISMS) to ensure operational continuity, compliance, and resilience. This study
examined current ISMS maintenance practices, identified recognized best practices, and
developed a digital ISMS Maintenance Tracking System tailored for private security firms in
Nairobi County. Guided by the Design Science Research (DSR) paradigm and theoretically
grounded in General Systems Theory (GST), the Technology Acceptance Model (TAM), and
Total Productive Maintenance (TPM), the research followed a two-phase process: a
diagnostic quantitative survey to assess existing and best ISMS maintenance practices, and the
design, development, and validation of an ISMS Maintenance Tracking System via User
Acceptance Testing (UAT). Using a descriptive and developmental research design,
structured questionnaires were administered to 90 sample respondents, yielding a 70%
response rate. Data were analyzed descriptively and inferentially. Results show that current
maintenance practices are weak and negatively associated with system effectiveness
(B = -0.893, p < 0.001; R² = 0.423), while best practices, including preventive scheduling, SLA
monitoring, and real-time logging, positively predict effectiveness (B = 0.815, p < 0.001; R²
= 0.350). The combined model (F(2,60) = 89.812, p < 0.001; R² = 0.750) explains 75% of the
variance in effectiveness. UAT demonstrated high usability and functionality (over 90%
satisfaction across modules). The study concludes that replacing fragmented, reactive
procedures with an automated, standards-aligned tracking system substantially improves
ISMS reliability, accountability, and compliance. The study recommends adopting ISO/IEC
27001-aligned maintenance frameworks and deploying the developed system in phases. In
practice, the study provides a validated maintenance tool; for policy, it offers evidence to
inform regulatory frameworks; and theoretically, it extends DSR applications to
context-driven ISMS solutions that support Kenya’s Private Security Regulation Act (2016) and
SDG 9.

How to Cite
Muchiri, E. W., Kinoti, P., & Charo, J. (2026). Development of an ISMS Maintenance Tracking System for Security Firms in Nairobi County. International Journal of Professional Practice, 14(2), 83–95. https://doi.org/10.71274/ijpp.v14i2.679