I wanna ask about the roles in ISO 27001 in the organization.
Answer:
The main role in an ISMS is the CISO, who can be someone from top management, but other roles can be people related to the departments involved in the scope of the ISMS: Head of IT Department and/or IT Expert, Head of Human Resources and/or experts, Head of Physical Security and/or experts, Head of Legal Department and/or experts, etc. These roles can be described in different policies and procedures, so a central document with all this information is not necessary.
By the way, have you read our article about roles and responsibilities of top management? Roles and responsibilities of top management in ISO 27001 and ISO 22301 : https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
Jan 13, 2016