ISO 27001 / TISAX certification
For a precise definition of “sensitive work fields and positions”, you need to identify which security regulations you need to fulfill, because these will define the requirements for the identification of sensitive work fields and positions.
For example, for EU GDPR, you need to define the Data Protection Officer position, and since this regulation is about privacy protection, any process or area that handles Personally Identifiable Information (PII) will need to be considered a sensitive work field.
Specifically for ISO 27001, sensitive work fields and positions will also be identified as a result of risk assessment.
For further information, see:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
Nov 17, 2021