Defining roles and responsibilities

Ideally we need you to guide us with the minimum team we need to implement the ISO 27001 standard 'in-house' and also what roles can be combined.

Answer:

ISO 27001 does not prescribe a "minimum team" for running an ISMS, so organizations are free to define the size of their teams according to their needs.

For very small organizations just one person with the proper competencies and authority is able to run an ISMS. For organizations up to 50 employees you may consider one person at top management level and one person to run daily activities. For bigger organizations you should consider including information security responsibilities on existing roles like IT manager, HR manager, and training them to perform relat ed activities.

These articles will provide you further explanation about roles and responsibilities:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/