Question about Annex 6.1

The definition of general roles and responsibilities for information security is made on the Information Security Policy template, which you can find in folder 04 Information Security Policy of your ISO 27001 & ISO 22301 Premium Documentation Toolkit.

Regarding specific roles and responsibilities for information security, they are defined through all documents in the toolkit. If you note, every time an activity is defined, it is also required the definition of a “Job Title” or person to perform that activity.

These articles will provide you a further explanation about documenting roles and responsibilities:

• How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/ 
• Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
• What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/

I found the similar requirements repeated in the standard & Annex. So you mean I can mention this role & responsbility / Job Description/ Postion Description once in the documentation. That's enough and fulfill the requirement of ISO 27001 

Please note that you need to define a role responsibility whenever required in the document, not once. In our templates, you can easily identify where the definition of a role responsibility is required by the use of the expression job title between brackets ([job title]). Depending on the stated action you can define different job titles as responsible.

This approach is enough to fulfill the requirement of ISO 27001.