Guest user Created: May 27, 2020 Last commented: May 27, 2020

ISMS roles and responsibilities

If there is a documented appointment (in a google spreadsheet) by team leaders to their subordinates as ISMS champions but not signed acknowledged by the team members/subordinates. however, the team members appointed as ISMS champions attended the training for ISMS roles and responsibilities with proof of attendance is it tantamount to conformance to Clause 5.3 (Organizational roles, responsibilities and authorities) and Annex A.6.1.1 (Information security Roles and responsibilities)?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal May 27, 2020

This is not sufficient, because not only the ISMS champions must know about their information security responsibilities, but also all personnel included in the ISMS scope, so they can know who to look for in case of a situation related to information security.

In this case, you must also consider:

Document information security roles and responsibilities in the policies and procedures used by the organization.
Provide awareness and training sessions for all personnel included in the ISMS scope.

This article will provide you a further explanation about documenting roles and responsibilities:

How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/

These materials will also help you regarding roles and responsibilities:

Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

May 27, 2020

Expert Advice Community