ISO 27001 Roles and responsibilities
Answer:
The definition of general roles and responsibilities for information security is made in the Information Security Policy. You can see what this policy looks like at this link: https://advisera.com/27001academy/documentation/information-security-policy/
Regarding specific roles and responsibilities for information security, they are defined through all documents used in the ISMS implementation.
Regarding the Risk Treatment Plan, the responsibilities are defined in the column "Responsible person". From the information you provided, it seems you are referring to the Risk Treatment Table, which is a different document.
These articles will provide you further explanation about documenting roles and responsibilities:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
- What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/
Mar 05, 2019