
Expert Advice Community

Documentation of security responsibilities

Guest user Created:   Jul 29, 2018 Last commented:   Jul 29, 2018

Is it necessary to add the specific ISO 27001 duties, responsibilities and related ISO controls to the job descriptions of HR, Finance IT Manager, Office Administrator managing some aspects of physical access? I have already written job descriptions for the Information Security Officer and the Data Protection Officer.


Expert
Rhand Leal Jul 29, 2018

Answer: ISO 27001 only requires the definition, designation and communication of responsibilities and authorities for ensuring that the ISMS conforms to the standard and that the performance of the ISMS is reported to top management. Other duties and responsibilities can be added if the organization has identified a need to do so.

You can document general information security roles and responsibilities in job descriptions, or as a part of the organizational chart, or in the Information Security Policy.

Specific security roles and responsibilities can be documented in policies, procedures, plans, and other documents that you develop as a part of the ISO 27001 implementation.

This article will provide you with further explanation about roles and responsibilities:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
