Guest
Management representative in ISMS
My question is about roles and responsibilities in 27001. What do you think Management Representative's (MR) position in ISMS. If we have CISO, Do we still need MR. If we have both of them, what is the difference between their responsibilities.
Assign topic to the user
Expert
Rhand Leal
Jan 23, 2018
Answer: The Management Representative is not a required role in the ISMS by ISO 27001, but an organization can assign one if it understands it can make its ISMS work better (for some scenarios, a person dedicated to the specific activities of the management system can better ensure and improve its results).
A CISO can assume the role of MR in an ISMS in case of need (if you have only ISO 27001 our recommendation would be to have only CISO.), but in organizations with multiple ISO management systems, maybe it is better to have CISO and MR as separated roles, because as MR must be competent on the requirements of the multiple management systems the organization has, the CISO is specialized in Information Security, and maybe overwhelmed by activities regarding other managements systems.
Thiese articl es will provide you further explanation about Management Representative and CISO:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
- What will be the destiny of the management representative in the new ISO 9001:2015? https://advisera.com/9001academy/knowledgebase/what-will-be-the-destiny-of-the-management-representative-in-the-new-iso-90012015/
Comment as guest or Sign in
Jan 23, 2018
Jan 23, 2018
Jan 23, 2018