Answer: ISO 27001 does not require the CISO position, so you can designate any existing position in your organization to assume related information security responsibilities.
Regarding the use of name and surname, we recommend the use of role or job title, because if the person responsible for information security changes, you will have to change all related documentation to the new name, while by using the job title, in general you will have to change only the organizational chart. It is important to note that this recommendation is also valid for other roles you may define in your Information Security Management System.
These articles will provide you with further explanation about the CISO role:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
Jul 11, 2018