Who shall create, review, and approve documents (i.e., policies and procedures) for ISO 27001?
The practice in our organizations is that all Corporate Service Unit Heads that would be affected by the documents need to sign them and will be "Endorsers" for the documents.
I would like to propose that they minimize the number of approvers. But I need justification for the proposal.
I just need a justification for reducing the number of signatories for the documents so that the routing would be lessened. I mean the governance team would be the signatories instead of the many people on the list.
Except for the top-level Information Security Policy, which is required to be approved by top management, ISO 27001 does not prescribe who needs to create, review, and approve documents for ISO 27001, so organizations can define these roles as best fits their needs.
Considering that, operationally speaking, you can justify that reducing the number of signatories will make the approval process more efficient.
Good practice is that one person from the top management approves the document, and a couple of relevant people review the document before it is approved - this makes the process faster, and the documents better.