Expert Advice Community

Guest

Question about GRC committee

  Quote
Guest
Guest user Created:   Jul 21, 2022 Last commented:   Jul 21, 2022

Question about GRC committee

I hope this email finds you well, I have a question , we will be creating a GRC committee, therefore, I need to know what first steps should be done with the committee as an information security officer. Also, what should be asked from the management representatives to do first and so on
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jul 21, 2022

First is important to note that 27001 does not regulate, not even mention a GRC committee. It only requires that relevant functions to information security are defined.

Considering that, the first steps would be for the committee to agree on what are the top-level objectives of information security, and what kind of role & authority the committee has so that it does not conflict with those of the security officer.

After that, as an information security officer, in case of objectives, are changed, and also considering the committee’s roles and authorities, you should evaluate if any changes are required in the ISMS. In case changes are required these need to be evaluated by management representatives to decide if they will be implemented or not. The following steps are similar to those related to ISMS implementation:

  • update ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational and requirements of interested parties

  • update risk assessment and treatment methodology

  • perform a risk assessment and define a risk treatment plan

  • controls implementation (e.g., policies and procedures documentation, acquisitions, etc.)

  • people training and awareness

  • controls operation

  • performance monitoring and measurement

  • perform internal audit

  • perform management critical review

  • address nonconformities, corrective actions, and opportunities for improvement

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 21, 2022

Jul 21, 2022

Suggested Topics