Expert Advice Community

Roles and Responsibilities

  Quote
mk Created:   Oct 13, 2020 Last commented:   Oct 14, 2020

Roles and Responsibilities

Is an obligation define roles and responsabilities for TI in a Company with different Areas or Department? and that roles must be included in the Organizational Chart?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 14, 2020

ISO 27001 only requires a definition of information security roles and responsibilities that can impact the ISMS scope (i.e., you must define the roles of the IT related to information security if this area is inside the ISMS scope).
 
Regarding where to document these roles, ISO 27001 does not require to write a separate document for roles and responsibilities. You can define the general roles and responsibilities in the Information Security Policy, and all other detailed responsibilities can be defined in specific documents.
 
This article will provide you a further explanation about roles and responsibilities:  

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 13, 2020

Oct 14, 2020