Is it an obligation to define roles and responsibilities for IT in a company with different areas or departments? And must those roles be included in the organizational chart?
ISO 27001 only requires a definition of information security roles and responsibilities that can impact the ISMS scope (i.e., you must define the roles of the IT area related to information security if this area is inside the ISMS scope).
Regarding where to document these roles, ISO 27001 does not require you to write a separate document for roles and responsibilities. You can define the general roles and responsibilities in the Information Security Policy, and all other detailed responsibilities can be defined in specific documents.
This article will provide you with a further explanation about roles and responsibilities:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
Oct 14, 2020