Responsibilities in the Information security policy
1. Who is responsible for ensuring that the ISMS is implemented and maintained according to the Information Security Policy, and for ensuring all necessary resources are available?
2. Who will define which information related to information security will be communicated to which interested party (both internal and external), by whom and when?
3. Who has to ensure that all employees of the organization, as well as appropriate external parties, are familiar with the Information Security Policy?
4. Who is the owner of the Information Security Policy?
5. Who is responsible for setting the method for measuring the achievement of the objectives?
6. Who will analyze and evaluate the measurement results and report them to top management as input materials for the Management review?
Answers:
Generally speaking, ISO 27001 does not prescribe who should be doing what in a particular company, so you should define the responsibilities that best fit your particular situation.
To answer your questions:
1) This would typically be the Chief Information Security Officer (CISO), or some other person who is in charge of coordinating information security.
2) The CISO or a person in charge of corporate communications (e.g. the public relations officer).
3) Usually the CISO.
4) Usually the CISO.
5) The CISO or some other person in the company who is in charge of controlling.
6) The CISO or some other person in the company who is in charge of controlling.
These articles will also help you:
What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
Jan 13, 2016