Internal and External Issues
The important thing here is that you have to define the roles and responsibilities of the employees of the organization who are involved in the scope of the ISMS (furthermore, as you know, business strategy and objectives, capabilities and resources, etc.).
In the article that you have referenced (Explanation of ISO 27001:2013 clause 4.1 (Understanding the Organization): https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/), there is enough information to comply with clause 4.1 of ISO 27001:2013. It is also important to know that you can define the responsibilities in the Information Security Policy. You can see a free version of our template at this URL (please click on the Free Demo tab): https://advisera.com/27001academy/documentation/information-security-policy/ And of course, if you need more information, please ask us.
In our templates, each policy and procedure defines roles and responsibilities; this is because ISO 27001 does not require you to have a centralized list of security roles and responsibilities. You can read more about this here: https://community.advisera.com/topic/roles-and-responsibilities-2/
Jan 12, 2016