Responsibilities assignment
Who can take this task?
4.1. Objectives and measurement:
· [Job title] will measure the fulfillment of all the objectives.
· [Job title] is responsible for setting the method for measuring the achievement of the objectives.
4.5. Responsibilities
· [job title] will define which information related to information security will be communicated to which interested party (both internal and external), by whom and when.
· [job title] is responsible for adopting and implementing the Training and Awareness Plan, which applies to all persons who have a role in information security management.
Answer: Regarding the responsibilities you mentioned related to section 4.1, and the first one in section 4.5, they are generally assigned to a role created specifically for that purpose (e.g., the CISO), but you can also assign them to an existing role in the organizational chart, provided that this person has the necessary skills to carry out the activities (a good choice would be the Management Representative or Quality Manager if you have this role).
For the second responsibility you mentioned in section 4.5, this one can be assigned either to the HR Manager or to the roles mentioned above.
These articles will provide you with further explanation about the CISO:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
Jan 30, 2018