Management’s Responsibility to the Information Security Management System

Management’s responsibility to the ISMS is to ensure that all personnel:

  • are directed to fulfil the organisation’s Information Security Policy and other ISO 27001-related policies;
  • are informed of their Information Security roles and responsibilities before gaining access to organisational information and assets;
  • are provided with guidelines stating the Information Security expectations of their role within the organisation;
  • are aware of Information Security relevant to their roles and responsibilities within the organisation;
  • continue to have the appropriate Information Security skills and qualifications through ongoing professional education and training;
  • are provided with adequate resources and project planning time for implementing Information Security-related processes and controls.