Question 1: Some of the links pointed out in the comments are no longer available. Is there an update?
Answer: First of all, sorry for this situation.
Please provide information about the missing links and we will send you the correct ones.
Question 2: Some documents mention “[position]”. I would like to know what is the most advisable way to change this variable: with an existing position, even if that position is in several functions, or with a position to be created but which will temporarily be occupied by the same person?
Answer: First, it is important to note that both approaches are acceptable to fulfill the standard’s requirements. The suggested approach is to use the position that will be responsible for the activity in the long term, regardless of the person who will be designated for it. This way you will minimize the need to update the document to change the responsible position.
Comments for each [position] suggest which job titles you might use. Also, included in the toolkit, you have access to video tutorials that show how these positions could be filled out for some documents.
For further information, see:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
Question 3: How can I find out which laws are mandatory for my company/situation?
Answer: For this situation, our recommendation is for you to look for local legal advice.
As a starting point, you can use the information in this link:
- Laws and regulations on information security and business continuity https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/