Minimum roles for ISO 27001 certification
Answer: ISO 27001 requires you to have at least the following roles:
- Top management, who make the crucial decisions - typically this is the CEO.
- A person who will be responsible for the implementation and maintenance of security - typically this is a security officer, but in a very small company this role could be performed by the CEO.
- An internal auditor who performs regular internal audits - this can be someone from within the company, or you can hire someone externally.
All the other roles you can define through your policies and procedures.
See also these articles:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
- What is the job of CISO in ISO 27001 https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
This free training will also help you:
- ISO 27001 Foundations Course: https://advisera.com/training/iso-27001-foundations-course/
Thank you for your answer, it will help me a lot! So, if I can hire an external auditor to do the internal audit for me, can I do the same with the security officer?
This is correct - smaller companies very often hire outsourced security officers.
Jan 14, 2019