Expert Advice Community

GRC questions

Guest user Created:   Mar 22, 2018 Last commented:   Mar 22, 2018

We would like to get your advice on these items.
Expert
Rhand Leal Mar 22, 2018

1 - Compliance organization structure in accordance with best practice, comprising the 3 pillars of ISO: ISO 27001, ISO 22301 & ISO 20000

Answer: ISO management standards now have a common framework and set of requirements that makes it easier to work with them in an integrated manner. Since each organization is unique in its requirements, there is no definitive structure that can be applied to all organizations, but I suggest you read this article about integrated systems:

- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/

2 - Who should be the key members of a Governance, Risk and Compliance committee, i.e., Risk Management:
a. ISMS Committee
b. BCMS Committee
c. ITSM Committee

Answer: Besides experts in each field you mentioned (i.e., information security, business continuity and information technology) and top management, you should consider personnel from the Legal and Financial areas, as well as representatives of critical areas of the organization.

3 - Who should be the expert within the organization to orchestrate and be responsible for establishing and maintaining the security strategy, to ensure the information assets are adequately protected, including identifying, developing, implementing and maintaining processes across the organization?

Answer: For this role you should consider personnel with high competence (i.e., knowledge and experience) in risk management or information security (generally this person is designated as the CISO - Chief Information Security Officer).

These materials will provide you further explanation about your questions:
- Integration of Information Security, IT and Corporate Governance https://info.advisera.com/27001academy/free-download/integration-of-information-security-it-and-corporate-governance
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
- How to integrate COSO, COBIT, and ISO 27001 frameworks https://advisera.com/27001academy/blog/2016/10/10/how-to-integrate-coso-cobit-and-iso-27001-frameworks/

- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
