When a new department is formed to establish and maintain certifications for ISO 27001, ISO 22301 and ISO 20000, what should that department be called?

Scenario: This new department does not contain any Subject Matter Experts in any of these areas (ISMS, BCMS, ITSM), as those experts sit in other departments more specific to their expertise, for example the Application Development Department, the Infrastructure & Security Department, etc. This means the new department will be staffed only by a few people who will lead the implementation of ISO 27001, ISO 22301 and ISO 20000, acting as facilitators to the SMEs and ensuring compliance with the Standards. An Audit Team will also be part of this Department.

So may I have your suggestion on the best name for this new department? Are these names applicable/suitable? Suggestions: 1) ISO Compliance Department 2) Quality Management Department
First of all, I would like to emphasize that the idea you presented won't work very well because:
1) It is not natural to create a separate "ISO department", because the best people to run such projects are, e.g., the Chief Information Security Officer for ISO 27001, the Business Continuity Manager for ISO 22301, etc.
2) The auditors need to be in a separate organizational unit from the personnel who are implementing the standard.
An exception would be if your company is a large one (e.g. more than 10,000 employees). In that case you could have a "Project Management Office" where a professional project manager would be in charge of the implementation project, and the CISO, BC manager and others would be members of the project team.