Should the champions be the heads of departments?
Hi, I have recently been appointed as the ISMS lead in a small university. Currently trying to appoint the champions to work with. Should the champions be the heads of departments or can I appoint other members of the department?
ISO 27001 does not prescribe roles for information security, so you can appoint any role in your organization, provided they are invested with the needed responsibilities and authorities to make information security work.
Considering your situation, the heads of departments should be your first choice, but an alternative would be people designated by them, with the needed authorities.
This article will provide you with a further explanation about roles and responsibilities:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
Jul 29, 2020