Expert Advice Community


Implementation of ISO-27001

Guest user. Created: Mar 04, 2022. Last commented: Mar 04, 2022


I have a question regarding the implementation of ISO-27001. To what extent should the ISMS consider the actions and decisions of the sole owner of an organization? This person supports the implementation of the ISMS and complies with all arranged security practices. However, he/she could theoretically decide to bypass any security controls or simply stop financing the company at any time, and no ISMS or business continuity plan could stop that from happening, given that employees don't have the authority to enforce rules or impose disciplinary action. Hence my question: should any of these rules or unlikely scenarios be contemplated at all?

Expert
Rhand Leal Mar 04, 2022

According to ISO 27001, the ultimate actions and decisions to be considered for the ISMS are those from the top management, not those from the owner of the company. Of course, if the owner of the company is also its CEO, then this person will have full power to make decisions.

In practice, the top management will have to act and decide on how to support the ISMS with resources and ensure security policies and procedures are followed; if not, the company might lose its certificate.

In case the top management wants to change some security objectives/controls/priorities/resources, etc., this must be in writing, taking into account risks and requirements of interested parties (e.g., the company's owner, customers, suppliers, government, etc.). In other words, such decisions must be made taking into account the security needs.
