Implementation of the function segregation matrix in a small company

Guest user. Created: Aug 18, 2020. Last commented: Aug 18, 2020

I need help or a tip: what is the best way to formalize a matrix of function segregation in a small company?

Expert
Rhand Leal Aug 18, 2020

First, it is important to note that ISO 27001 does not prescribe how to document responsibilities in an ISMS, so organizations are free to document them in the way that best fits their needs.

Considering that, there are two common ways:

  • you can document the segregated functions directly in the document where they are used (e.g., documenting the responsibilities to create and test backups in the Backup Policy). In this approach, users have easy access to the information, but it is more complicated to have a systemic view.
  • you can create a single function segregation matrix, documenting all the segregated functions you have. In this approach, it is easier to have a general view of functions, but users may find it difficult to use the documents when needed.

These articles will provide you with further explanation about documenting responsibilities and segregation of functions:
