Expert Advice Community

Policies approval

Guest user Created:   Jan 28, 2018 Last commented:   Jan 28, 2018

When creating policies for ISO 27001 does a Company Director need to sign these or can any Director sign them?
Expert
Rhand Leal Jan 28, 2018

Answer: In general, the Company Director (or the highest position in the company) signs the high-level policies (those policies that have overall impact through the organization, like the Quality Management Policy and the Information Security Policy), while other directors or managers sign the remaining policies (known as low-level or second-level policies), according to their scope (e.g., IT director signs the Password and Backup policies, and the Purchase manager signs the Supplier Management Policy).

This article will provide you further explanation about management responsibilities:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/

This material will also help you regarding document management:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
