Expert Advice Community


Information security in organizational chart

Guest user. Created: Aug 24, 2019. Last commented: Aug 24, 2019.

The book is useful and applicable. But in our organization we have a CRO and a CISO. Must information security risk management be in the CRO or the CISO organization? It is a big problem for us.

Expert
Rhand Leal Aug 24, 2019

Answer:

Since your organization has a CRO (Chief Risk Officer), and I'm assuming that this means there is an organization-wide risk management process, you have two options:
- Leave the CRO in charge of information security risk management, and the CISO will provide the criteria by which information security risks will be evaluated, considering the CRO's risk management process approach.

- Leave the CISO in charge of information security risk management, and the CRO will provide the requirements the information security risk management process will have to follow to stay compliant with the organization-wide risk management process approach.
