Definition of security roles and responsibilities
Answer: ISO 27001 does not require you to write a separate document for roles and responsibilities; that's why there is no specific template in the toolkit defining roles and responsibilities.
Besides the general roles and responsibilities defined in the Information Security Policy template, all other detailed responsibilities are defined in each template every time a specific activity is required to be performed. Every time you find the field "[job title]" in a template, this means that you have to define who has the responsibility to perform the activity described in the sentence. For example, in the sentence:
"[job title] must document the following in the Statement of Applicability: ...", you have to define which role in your organization has the responsibility to fill in the Statement of Applicability.
This article will provide you with further explanation about roles and responsibilities:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
By the way, with the toolkit you bought you also have access to video tutorials that can help you fill in your documentation. You can find these tutorials in Conformio, in the menu "Repository", in the folder "Video tutorials" - see what you need to click here: https://www.screencast.com/t/T5rLxMgc3UJz
Sep 30, 2017