ISO 27001 Certification Guide
A practical roadmap for small and mid-sized companies
iso27diy.com
STEP 3: Assign Responsibilities

Auditor will ask: Document who is responsible for what. Capture this in a RASCI matrix before the audit.
A functioning ISMS requires clarity about who is responsible for what, and who makes which decisions. ISO 27001 names three roles explicitly.

Top management: Responsible for policy. Liability cannot be delegated.
Risk owners: Business managers whose objectives are at stake.
· · ·
CHAPTER 2: Risk Management
Understanding your exposure before you build controls.