Expert Advice Community


Communication of information security

Guest user Created:   May 07, 2018 Last commented:   May 07, 2018


Thanks a lot for your feedback on the matter. Much appreciated. In the meantime would you or your colleague clarify the below query:

Expert
Rhand Leal May 07, 2018

“Can you please clarify where we specify what areas need to be known by what group of people?

For example, the NOC personnel are not involved in Legal Matters (A.18) and vice versa Legal department needn’t know about the Incident Management Procedure (A.16). Our aim is that all employees in Scope must know the Scope Document and the IS Policy very well and then know documents that are relevant to their particular domain.”

Answer: Included in the toolkit you bought there is a template called Training & Awareness Plan that you can use to map and organize the competences required for particular areas/skills and which people need to know them. This template can be found in folder 09 Training and Awareness Plan.

Regarding your example, it is important to note that although NOC personnel are not directly responsible for Legal Matters, they provide important support for the technical evaluation of solutions to be implemented. Likewise, the legal department should be aware of the Incident Management Procedure to ensure evidence is properly handled so it can be legally accepted in case legal action is needed. It is important to note that information security requires a multidisciplinary approach to be effective, with different areas working together.
