Expert Advice Community

Minimum roles for ISO 27001 certification

Guest user Created:   Jan 14, 2019 Last commented:   Jan 14, 2019

What roles should I have at least in my company to be able to make a satisfactory certification? This company is small, only 10 employees.

Expert
Dejan Kosutic Jan 14, 2019

Answer: ISO 27001 requires you to have at least the following roles:
- Top management who makes crucial decisions - typically this is the CEO
- A person who will be responsible for the implementation and maintenance of security - typically this is the security officer, but this role could be performed by the CEO in a very small company
- Internal auditor who performs regular internal audits - this can be someone from within the company, or you can hire someone externally.

All the other roles you can define through your policies and procedures.

See also these articles:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
- What is the job of CISO in ISO 27001 https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/

This free training will also help you:
- ISO 27001 Foundations Course: https://training.advisera.com/course/iso-27001-foundations-course/
Guest
rgonzalez Jan 14, 2019
Thank you for your answer, it will help me a lot! So, if I can hire an external auditor to do the internal audit for me, can I do the same with the security officer?
Expert
Dejan Kosutic Jan 14, 2019
This is correct - smaller companies very often hire outsourced security officers.