Expert Advice Community

Information Security Officer position

Guest user. Created: Jun 11, 2019. Last commented: Jun 11, 2019.

My question is about the Information Security Officer position in the company. Is it required to have such a position for ISO 27001 certification?

Expert
Rhand Leal Jun 11, 2019

Answer:

ISO 27001 does not prescribe which roles or positions should be created, only that responsibilities and authorities must be defined and assigned, so organizations are free to define the model that best suits them. For small organizations, up to 50 employees, a good approach is to assign responsibilities and authorities for information security to the CEO or someone from top management. For bigger organizations a better approach is to create a specific role to be responsible for information security, because of the number of tasks and time required.

These articles will provide you with further explanation about the CISO (Chief Information Security Officer):
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
