Executives involved in ISO 27001
1. How and which Executives need to get involved in ISO 27001.
2. Which documents need to be overseen by them specifically?
1. How and which Executives need to get involved in ISO 27001.
The executives to be involved will depend on the ISMS scope. If the whole organization is in the ISMS scope, then the CEO is the top executive to be involved, as well as the other executives, representing their areas. If the ISMS scope is limited to part of the organization, then the highest executives in the defined scope must be involved.
The executives' involvement basically covers:
- ensuring that information security supports the company strategy;
- definition of objectives to be achieved;
- definition of specific responsibilities and authorities related to information security;
- provision of resources;
- general performance review.
For more information about the roles and responsibilities of executives in information security I suggest these materials:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
- Aligning information security with the strategic direction of a company according to ISO 27001 https://advisera.com/27001academy/blog/2017/02/20/strategic-direction-of-a-company-according-to-iso-27001/
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
- ISO 27001:2013 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
2. Which documents need to be overseen by them specifically?
Considering the mentioned responsibilities, the most common documents you will find are:
- Information security policy
- Management review
To see what these documents look like, please access these links:
- Information Security Policy https://advisera.com/27001academy/documentation/information-security-policy/
- Management Review Minutes https://advisera.com/27001academy/documentation/management-review-minutes/
Jun 11, 2020