Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Internal and External Issues

I'm starting to implement the ISMS, regarding the scope, I read a blog article (Explanation of ISO 27001: 2013 clause 4.1) and noticed I have to determine the internal and external issues. I define roles and responsibilities of all employees of the organization or just those involved in information security. And is there any recommendation for this, for example a list containing the name, job title, responsibility?

0 0

Assign topic to the user

Select user

Guest

AntonioS Jan 12, 2016

The important here is that you have to define roles and responsibilities of employees of the Organization that are involved in the scope of the ISMS (furthermore, as you know, business strategy and objectives, capabilities and resources, etc).

In the article that you have referenced (Explanation of ISO 27001:2013 clause 4.1 (Understanding the Organization) : https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/), there are information enough to comply with the clause 4.1 of the ISO 27001:2013. It is also important that you know that in the Informati on Security Policy you can define the responsibilities. You can see a free version of our template at this URL (please click on Free Demo tab): https://advisera.com/27001academy/documentation/information-security-policy/ And of course, if you need more information please ask us.

In our templates, each policy and procedure defines roles and responsibilities, this is so because the ISO 27001 does not require you to have a centralized list of security roles and responsibilities. You can read more information about this here: https://community.advisera.com/topic/roles-and-responsibilities-2/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community