Expert Advice Community


Steering committees for a smaller company

Guest user. Created: Jan 12, 2016. Last commented: Jan 12, 2016.

Is it OK to combine the ISMC (info sec mgmt committee) with the ITSC (IT steering committee) in one doc as the company is small?

DejanK Jan 12, 2016

Answer: Yes, you can combine them in one document; actually ISO 27001 does not require any of these bodies, so you can organize them any way you wish, or you can decide not to have such a body at all - smaller companies usually do not have such committees.

Do we have to create process diagrams, such as for the internal audit process?

Answer: No, you do not have to draw the diagrams because ISO 27001 does not require you to do so; the standard does require you to have a process for internal audit, and it is a best practice to write a procedure for it.
