Expert Advice Community

Executives involved in ISO 27001

Guest user Created:   Jun 11, 2020 Last commented:   Jun 11, 2020

1. How and which Executives need to get involved in ISO 27001.

2. Which documents need to be overseen by them specifically?

Expert
Rhand Leal Jun 11, 2020

1. How and which Executives need to get involved in ISO 27001.

The executives to be involved will depend on the ISMS scope. If the whole organization is in the ISMS scope, then the CEO is the top executive to be involved, together with the other executives representing their areas. If the ISMS scope is limited to part of the organization, then the highest executives within the defined scope must be involved.

The executives' involvement basically covers:

  • ensuring that information security supports the company strategy;
  • definition of the objectives to be achieved;
  • definition of specific information security-related responsibilities and authorities;
  • provision of resources;
  • general performance review.

For more information about the roles and responsibilities of executives in information security I suggest these materials:

2. Which documents need to be overseen by them specifically?

Considering the mentioned responsibilities, the most common documents you will find are:

  • Information security policy
  • Management review

To see what these documents look like, please access these links:
