Implementation of ISO 27001
What will be expected of a marketing position in the implementation of ISO 27001? Are there any documents that need a marketing role's attention?
Unless there is specific marketing-related information included in the ISMS scope (e.g., information related to new products), or one of the expected outcomes of the ISO 27001 implementation can be marketing-related (e.g., enter a new market), there is no specific expectation from a marketing role in an ISO 27001 implementation project.
Regarding documents requiring the marketing role's attention in implementation, it will depend on how marketing will be involved. In the previous examples (i.e., when marketing-related information is included in the ISMS scope, or when one of the expected ISMS outcomes can be marketing-related), the documents to be evaluated by the marketing role are the ISMS scope and the Information Security Policy. By understanding them and being involved in their elaboration, it can become clearer what is expected from them and what they need to do.
Additionally, after implementation, other relevant documents will be those security documents that employees of the marketing department use in everyday work - e.g. Information classification, Backup policy, etc.
For further information, see:
- RACI matrix for ISO 27001 implementation project https://advisera.com/27001academy/blog/2018/11/05/raci-matrix-for-iso-27001-implementation-project/
Oct 23, 2020