ISO 27001 roles

Guest user Created:   Feb 10, 2017 Last commented:   Feb 10, 2017

1 - Can I replace {job title} with Senior Management in some cases?

Expert
Rhand Leal Feb 10, 2017

Answer: Yes. You only have to take care not to define Senior Management as the responsible role in too many activities.

2 - If so, do I have to specify who is meant by Senior Management?

Answer: Yes. Instead of concepts like manager or process owner, Senior Management may mean one or more persons, like when you define the responsibility to a project team. In these cases, people and auditors usually look for the one in the highest position, so you should make very clear what Senior Management means to your organization.

3 - If so, where do I have to do this? In which document?

Answer: You have many options for where to define Senior Management. You can define it in job descriptions, in the organizational chart, or in the Information Security Policy.

These articles will provide you further explanation about roles and responsibilities:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/

These materials will also help you regarding roles and responsibilities:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
