Expert Advice Community


Roles and responsibilities

Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

AntonioS Jan 13, 2016

How do the people in this function get the specific task for doing the monitoring? I have two options:
1) They do it by themselves and they need to somehow capture it (I'm not sure what the best way is)
2) Someone is about to 'give them' the task (again, not sure how to capture it)
 

Answer:

I am not sure if I have understood the question, but from my point of view option 2) is better, because this way you can have 2 levels: manager (coordinates and plans the execution of all tasks) and technical expert (technically performs all tasks). The latter can be useful, for example, for change management (clause A.12.1.2 ISO 27001:2013): a user identifies changes, the manager analyzes and approves them and requests a technical expert to make the necessary changes.
So from my point of view it is very important to have clearly defined roles and responsibilities. These articles, related to information security and ISO 27001, may be interesting for you:
"What is the job of Chief Information Security Officer (CISO) in ISO 27001?": https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
"Roles and responsibilities of top management in ISO 27001 and ISO 22301": https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
"How to perform monitoring and measurement in ISO 27001": https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
DejanK Jan 13, 2016
We received another question:

> How to ensure that the monitoring is done, i.e. I need to have some role creating the monitoring task and another role to execute it. That is clear and understood. What I'm trying to find out is the 'format' of this task. Should it be a task as part of the problem? Incident? Change? I don't think those are appropriate types. So how to do it? Is there any special process including task types for monitoring? Which type is it?

Answer:

If you need to assign someone with the responsibility of doing a monitoring task, this is usually done through a written procedure - therefore, this is not part of the problem, incident or a change, because this is a continuous task that needs to be done daily, weekly, monthly, etc.