Full Time ISMS Manager
Thank you very much for your responses so far, much appreciated. Just a quick question: does a small organisation with, let's say, 90 staff globally require a full-time ISMS manager, or should this role be given on a part-time basis or an ad-hoc basis?
For such a small company you do not need a full-time ISMS manager (the needed activities will take him/her perhaps 20% of the time), so this role can be given as an additional function to an already existing role in your organization, probably someone from top management, or someone who answers directly to them.
Since the related activities must be performed at a certain periodicity, you should avoid designating them on an ad-hoc basis, because of the risk of losing information when the activities are transferred from one person to another.
These articles will provide you with further explanation about the IS manager role:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
Aug 29, 2020