Management Representative for ISMS 2013
Answer: A Management Representative is not a requirement in ISO 27001:2013, so you do not need a MR appointment letter for ISMS 2013. However, ISO 27001:2013 requires the definition of roles, responsibilities and authorities related to information security and, depending upon the organization's context (e.g., size, process complexity), it may define a role to coordinate information security (e.g., a security officer or a chief information security officer - CISO), in a job description or any other way the organization uses for responsibilities assignment.
These articles will provide you with further explanation about roles and responsibilities:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
These materials will also help you regarding roles and responsibilities:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Nov 10, 2016