1. Compliance organization structure in accordance with best practice that comprises 3 pillars of ISO: ISO 27001, ISO 22301 & ISO 20000
Answer: ISO management standards now have a common framework and set of requirements that makes it easier to work with them in an integrated manner. Since each organization is unique in its requirements, there is no definitive structure that can be applied to all organizations, but I suggest you read this article about integrated systems:
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
2. Who should be the key members for the Governance, Risk and Compliance committee, i.e. Risk Management:
a. ISMS Committee
b. BCMS Committee
c. ITSM Committee
Answer: Besides experts in each field you mentioned (i.e., information security, business continuity and information technology) and top management, you should consider personnel from the Legal and Financial areas, as well as representatives of critical areas of the organization.
3. Who should be the expert within the organization to orchestrate, and be responsible for, establishing and maintaining the security strategy to ensure the information assets are adequately protected, including identifying, developing, implementing and maintaining processes across the organization?
Answer: For this role you should consider personnel with high competence (i.e., knowledge and experience) in risk management or information security (generally this person is designated as the CISO - Chief Information Security Officer).
These materials will provide you further explanation about your questions:
- Integration of Information Security, IT and Corporate Governance https://info.advisera.com/27001academy/free-download/integration-of-information-security-it-and-corporate-governance
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
- How to integrate COSO, COBIT, and ISO 27001 frameworks https://advisera.com/27001academy/blog/2016/10/10/how-to-integrate-coso-cobit-and-iso-27001-frameworks/
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Mar 22, 2018