ISO 27001 and Job description
Just wanted to know if ISO 27001 requires job descriptions to be signed off.
I’m assuming that by Job Description you mean a document stating the essential job requirements, job duties, job responsibilities, and skills required to perform a specific role.
Considering that, ISO 27001 does not prescribe the development of job descriptions, only that roles, responsibilities, and authorities related to information security are defined and communicated, and that required competencies (i.e., knowledge, skills, and experience) are identified and gaps treated.
These requirements are usually met by defining roles, responsibilities, and authorities in various security policies and procedures; required competencies are usually defined in a training and awareness plan.
Such documents need to be approved by top management, but not necessarily signed; on the employee side, there needs to be proof that they were delivered, either through a document management system or by signing a document in which the employee confirms that the documents have been read.
To see what a Statement of Acceptance of ISMS Documents looks like, please access the free demo of our template at this link: https://advisera.com/27001academy/documentation/statement-of-acceptance-of-isms-documents/
This article will provide you with further explanation about roles and responsibilities:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
These materials will also help you regarding roles and responsibilities:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Feb 25, 2021

