I’m trying to set up the ISMS organization roles for ISO 27001. Are there any guidelines about the necessary roles? Or some examples of how an ISMS organization should look and how it maps to the Conformio roles?
Besides Top Management, ISO 27001 does not prescribe roles related to information security management, so organizations can define them as best fits their needs.
Common practice is to attribute information security responsibilities to already existing roles in the organization (e.g., responsibilities for IT security designated to the IT manager, responsibilities for physical security designated to the operations officer, etc.).
Conformio’s roles were designed considering the most common organizational roles (e.g., IT manager, HR manager, Finance manager, etc.).
These articles will provide you with further explanation: