Are there any specific roles and responsibilities that should be defined that are specific to the ISMS?
ISO 27001 does not prescribe roles to be defined, so organizations are free to define them according to their needs.
Regarding responsibilities, ISO 27001 only requires the definition of these responsibilities:
- ensuring that the ISMS conforms to the requirements of the standard
- reporting on the performance of the ISMS to top management.
Other responsibilities the organization can define according to its needs.
These articles will provide you with a further explanation about roles and responsibilities:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
These materials will also help you regarding roles and responsibilities:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jul 06, 2020