Expert Advice Community

ISO documents management (Delegation)

Guest user Created:   Mar 25, 2023 Last commented:   Mar 25, 2023

I have two different cases during the ISO implementation related to document owners and rules & responsibilities.

First: during implementation of ISO 22301, the CISO was assigned to be the BCM Manager with R&R under this title, and he was the document owner too. The project finished, and after a while the CISO resigned, and we need to delegate someone on his behalf.
Q: What changes need to be made to these documents? Document owner, add a new title under rules and responsibilities?
Or will the delegation letter from top management cover this, with no need to change the documents?
------
Second: during implementation of ISO 27001, there was no information security manager. The ISM is defined in the company structure with R&R under this title, and they are going to hire one next year due to the small size of the company, and he will officially be the A&R person for all documents and the project.
Q: What changes need to be made to these documents? ISMS Manager, add a new title under rules and responsibilities?
Or will the delegation letter from top management, until the ISM is hired, cover this, with no need to change the documents?

Thank you very much, and I'm looking forward to hearing back from you soon.

Expert
Rhand Leal Mar 25, 2023

First: during implementation of ISO 22301, the CISO was assigned to be the BCM Manager with R&R under this title, and he was the document owner too. The project finished, and after a while the CISO resigned, and we need to delegate someone on his behalf.
Q: What changes need to be made to these documents? Document owner, add a new title under rules and responsibilities?
Or will the delegation letter from top management cover this, with no need to change the documents?

In case this new person will come to have the same job title defined in the documents, then only the delegation letter from the top management will be enough.

In case this new person will come to have a different job title as defined in the documents, then the documents will need to be updated to reflect the new job title of the responsible person.

Second: during implementation of ISO 27001, there was no information security manager. The ISM is defined in the company structure with R&R under this title, and they are going to hire one next year due to the small size of the company, and he will officially be the A&R person for all documents and the project.
Q: What changes need to be made to these documents? ISMS Manager, add a new title under rules and responsibilities?
Or will the delegation letter from top management, until the ISM is hired, cover this, with no need to change the documents?

Thank you very much, and I'm looking forward to hearing back from you soon.

Considering an ISM will be hired next year, then the best approach will be to temporarily delegate to someone in the company the role of the ISM. For example, in a small company, the CTO or the person responsible for the ISMS implementation can be designated temporarily as the ISM.
