Organizational unit responsible for ISO standards
Answer:
First of all, I would like to emphasize that the idea you presented won't work very well because:
1) It is not natural to create a separate "ISO department", because the best people to run such projects are e.g. the Chief Information Security Officer for ISO 27001, the Business Continuity Manager for ISO 22301, etc.
2) The auditors need to be in a separate organizational unit from the personnel that is implementing the standard.
An exception would be if your company is a large one (e.g. more than 10,000 employees) - in such a case you could have a "Project Management Office" where a professional project manager would be in charge of the implementation project, and the CISO, BC manager and others would be members of the project team.
See also:
- Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
- ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
Apr 23, 2018