
Expert Advice Community

ISO 27001 competencies

Guest user Created:   Apr 03, 2018 Last commented:   Apr 03, 2018

1- Hi, we have included all our employees in the scope for ISO 27001. Do we have to do a competency matrix for all of them as per Clause 7.2? Or only for the ones with the Information Security role who have been assigned the responsibility for ISMS? Please clarify for whom the competency matrix is to be done.
Expert
Rhand Leal Apr 03, 2018

Answer: ISO 27001 only requires the definition of necessary competencies for persons that affect its information security performance. Considering that, only the persons that handle the information you want to protect must be included in the competency matrix. For example, if you want to protect only the research and development information, most probably the HR and financial personnel won't be included in your competency matrix.

2- And what type of competencies need to be included? Do they have to be related to information security only?

Answer: The competencies to be included will depend on which roles you have in your matrix, but broadly speaking they are related to information technology, physical security, HR management and legal.

As you can notice, they are not limited to information security. In fact, information security competencies will drive which specific competencies in these areas must be developed.

For example, for protecting confidentiality, competencies related to physical and logical access control must be developed, as well as security practices in systems development that protect the confidentiality of information stored and processed by information systems.

These articles will provide you further explanation about managing competencies:

- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/

These materials will also help you regarding managing competencies:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
