Documentation of security responsibilities
Answer: ISO 27001 only requires the definition, designation and communication of responsibilities and authorities regarding ensuring the ISMS conforms with the standard and that reporting on the performance of the ISMS is made to top management. Other duties and responsibilities can be added if the organization identifies a need to do that.
You can document general information security roles and responsibilities in job descriptions, or as a part of the organizational chart, or in the Information Security Policy.
Specific security roles and responsibilities can be documented in policies, procedures, plans, and other documents that you develop as a part of the ISO 27001 implementation.
This article will provide you with further explanation about roles and responsibilities:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
Jul 29, 2018