
ISO 27001 Roles and responsibilities

Guest user Created:   Mar 05, 2019 Last commented:   Mar 05, 2019


I couldn't find any document regarding "roles and responsibilities"; however, according to one of your articles (https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/), it should be documented through the Risk Treatment Plan. If I take a look at the Risk Treatment Plan, I just see one big table where you have to document all the risks.

Expert
Rhand Leal Mar 05, 2019

Answer:

The definition of general roles and responsibilities for information security is made in the Information Security Policy. You can see what this policy looks like at this link: https://advisera.com/27001academy/documentation/information-security-policy/

Regarding specific roles and responsibilities for information security, they are defined through all documents used in the ISMS implementation.

Regarding the Risk Treatment Plan, the responsibilities are defined in the column "Responsible person". Based on the information you provided, it seems you are referring to the Risk Treatment Table, which is a different document.

These articles will provide you with further explanation about documenting roles and responsibilities:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
- What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/
