Management’s responsibility to the ISMS is to ensure that all personnel:
- are directed to fulfil the organisation’s Information Security Policy and other ISO 27001-related policies;
- are informed on their Information Security roles and responsibilities before gaining access to organisational information and assets;
- are provided with guidelines stating the Information Security expectations of their role within the organisation;
- are aware of Information Security relevant to their roles and responsibilities within the organisation;
- continue to have the appropriate Information Security skills and qualifications through ongoing professional education and training;
- and to ensure that personnel is provided with adequate resources and project planning time for implementing Information Security-related processes and controls.