Guest
ISMS roles and responsibilities
If there is a documented appointment (in a Google spreadsheet) by team leaders of their subordinates as ISMS champions, but it is not signed or acknowledged by the team members/subordinates; however, the team members appointed as ISMS champions attended the training for ISMS roles and responsibilities, with proof of attendance. Is this tantamount to conformance with Clause 5.3 (Organizational roles, responsibilities and authorities) and Annex A.6.1.1 (Information security roles and responsibilities)?
Expert
Rhand Leal
May 27, 2020
This is not sufficient, because not only must the ISMS champions know about their information security responsibilities, but so must all personnel included in the ISMS scope, so they know whom to look for in case of a situation related to information security.
In this case, you must also consider:
- Document information security roles and responsibilities in the policies and procedures used by the organization.
- Provide awareness and training sessions for all personnel included in the ISMS scope.
This article will provide you with a further explanation about documenting roles and responsibilities:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
These materials will also help you regarding roles and responsibilities:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/