Expert Advice Community

RACI chart for ISO 27001 controls

Guest user, Created: May 28, 2019, Last commented: May 28, 2019

Can you help me by providing a RACI chart for all the ISO 27001 controls to map in my organisation? Basically, I have a Security Team, IT Operations Team, Development Team, IT head, BoD and employees.

Expert
Rhand Leal May 28, 2019

Answer:

First, it is important to note that a RACI matrix is not mandatory for ISO 27001.
Considering that, there is no definitive RACI chart for this situation, because organizations are free to implement ISO 27001 controls as best fits them, but in a general manner the roles to include in such a RACI matrix should consider at least:
- Top management / CISO as Accountable for controls implementation decisions
- Risk owners as Responsible for the overall controls implementation and operation
- Team members as Responsible for tasks / activities related to controls implementation and operation
- Unit Heads / Process Owners / Asset owners / Interested Parties as Consulted about controls to be implemented
- Employees / Users as Informed about implemented controls

This article will provide you with further explanation about the use of RACI charts for ISO 27001:
- RACI matrix for ISO 27001 implementation project https://advisera.com/27001academy/blog/2018/11/05/raci-matrix-for-iso-27001-implementation-project/
