Hi, I have recently been appointed as the ISMS lead in a small university. Currently trying to appoint the champions to work with. Should the champions be the heads of departments or can I appoint other members of the department?
ISO 27001 does not prescribe roles for information security, so you can appoint any role in your organization, provided they are invested with the needed responsibilities and authorities to make information security work.
Considering your situation, the heads of departments should be your first choice, but an alternative would be people designated by them, with the needed authorities.
This article will provide you with a further explanation about roles and responsibilities: