Documenting roles and responsibilities

We have listed the roles, responsibilities and authorities in the job description maintained by the HR team for each functions. These roles, responsibilities and authorities are also mentioned as part of the individual process documents of each function. They are very much in line with the JD maintained by HR. Is it mandatory to list down the roles and responsibilities in the individual process documents as its a mandatory section.

Answer:

ISO 9001 and ISO 27001 only require that roles, responsibilities and authorities are assigned and communicated (documenting them is not mandatory), so the organization is free to document them the way it is best for them (as a good practice).

But it is important to note that job description and process documents have different purposes, and by not listing down the roles and responsibilities in the individual process documents may affect process performance, so you should evaluate this modification before m aking a decision.
These articles will provide you further explanation about documenting roles and responsibilities:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
- What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/