Expert Advice Community

Guest

Position Description Question

  Quote
Guest
Guest user Created:   Sep 19, 2022 Last commented:   Sep 19, 2022

Position Description Question

I wanted to touch base with you about a quick question. This is about ISO27001 control regarding stipulating Information Security obligations in Position Descriptions.

We are an ISO-27001:2013 compliant company and we have generic Info Sec roles and responsibilities articulated in our Position Description.

I wanted to know if there is a need to articulate role-specific Info Sec roles and responsibilities as well in PD’s. For example, a Backup Engineer’s Info Sec roles and responsibilities would be different than that of a Network Engineer. Some views in our company are that it would be overkill as ISO doesn’t mandate going into such details.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 19, 2022

ISO 27001 does not prescribe how to define information security roles and responsibilities, so organizations are free to define them as best fit their needs, i.e., either as roles and responsibilities included in an existing Position Description that performs some information security activities (e.g., the Network Engineer) or as roles and responsibilities in a new Position Description on which information security is the core activities (e.g., the Chief Information Security Officer). 

Considering your example, in small and midsized businesses, a Network Engineer can perform information security activities (e.g., backup), then roles and responsibilities can be included in this Position Description. In bigger companies, it may be required that you have a specific role to perform a backup, so a Backup Engineer may be a required Position Description.

This article will provide you with further explanation about documenting roles and responsibilities:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 18, 2022

Sep 18, 2022