Expert Advice Community


Information security board

Guest user Created:   Oct 25, 2016 Last commented:   Oct 25, 2016

I'm interested in whether you have had any good practice with Information security board regulation. Is there any kind of document which regulates the actions of the management board, or can give clear information on how to organize all this kind of stuff? For instance: responsibilities, voice voting, elections inside the board for choosing decisions during risk treatment or implementation of controls?
Expert
Dejan Kosutic Oct 25, 2016

Answer: ISO 27001 does not define any requirements for information security boards; this phrase is not even mentioned in the standard. If you wish, you can organize some kind of a body that will coordinate information security activities, but it is not mandatory, and you can organize its work any way you want.

On the other hand, the role of the top management in a company is strictly defined by ISO 27001 - you'll learn about it in these articles:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
- Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/
