In relation to the ISO/IEC 27001 ISMS Annex A objectives and controls about leadership, take one example: "Appropriate contacts with relevant authorities shall be maintained" in the business. Our business has an organization chart, but the chart shows reporting lines by job function. Could you please share template examples of a business organization chart that demonstrates a top-down organization structure incorporating: Company Management, Corporate GRC (Governance, Risk, and Compliance), IT GRC, IT Management, and Business? Our organization is in the certification process. We need the business organization chart to support Information Security and ISO/IEC 27001 ISMS certification.
Please note that ISO 27001 does not require an organizational chart to present how the organization supports information security. The most common way to document responsibilities related to information security is by writing them in the implemented policies and procedures.
To see what documented responsibilities look like, I suggest you take a look at the free demo of our ISO 27001 documentation toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
These articles will provide you with a further explanation about documenting responsibilities:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
This material will also help you regarding documentation:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
Jun 03, 2020