Expert Advice Community

Organizational unit responsible for ISO standards

Guest user Created: Apr 23, 2018 Last commented: Apr 23, 2018

When a new department is formed to establish and ensure certifications for ISO 27001, ISO 22301 and ISO 20000, what should that department be called? Scenario: this new department does not consist of any Subject Matter Experts in any of these areas (ISMS, BCMS, ITSM), as these experts will be in other departments more specific to their expertise, for example the Application Development Department, the Infrastructure & Security Department, etc. This means the new department will only be manned by a few personnel who will lead the implementation of ISO 27001, ISO 22301 and ISO 20000, taking the role of facilitators to the SMEs in ensuring compliance with the standards. An Audit Team will also be in this department. So may I have your suggestion on what the best name for this new department would be? Are these names applicable/suitable? Suggestions:
1) ISO Compliance Department
2) Quality Management Department

Expert
Dejan Kosutic Apr 23, 2018

Answer:

First of all, I would like to emphasize that the idea you presented won't work very well because:
1) It is not natural to create a separate "ISO department" because the best persons to run such projects are e.g. the Chief Information Security Officer for ISO 27001, the Business continuity manager for ISO 22301, etc.
2) The auditors need to be in a separate organizational unit from the personnel that is implementing the standard.

An exception would be if your company is a large one (e.g. more than 10,000 employees) - in such a case you could have a "Project management office" where a professional project manager would be in charge of the implementation project, and the CISO, BC manager and others would be members of the project team.

See also:
- Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
- ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
