Thanks so much for making me part of your group, the 27001 ACADEMY. For options b and c in your article below, what does the organization structure look like for the project?
Answer:
Your organization structure for options "b" and "c" can be the same as for option "a", because the organization structure should include roles (CEO, CISO, person responsible for HR, etc.) and generally it is always the same; the difference (options "b" and "c") is that some of these roles can be assumed by external people. For example, there are many companies that have an external experienced professional to assume the role of CISO.
This article about the CISO may be interesting for you: "Chief Information Security Officer (CISO) - where does he belong in an org chart?": https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
And also this article about how to choose a consultant: "5 criteria for choosing an ISO 22301 / ISO 27001 consultant": https://advisera.com/27001academy/blog/2013/03/25/5-criteria-for-choosing-a-iso-22301-iso-27001-consultant/
Jan 12, 2016