Management representative transition checklist


smohanarangan

Is there any checklist available for ISMS Management Representative's transition?
 

Marc

Leader
Why not just update your current responsibilities matrix (or whatever document you use to define responsibilities, such as an organizational chart)?
 

bio_subbu

Super Moderator
Or, get a “Management Representative” appointment letter from your organization. The letter should define the responsibilities clearly.
 

Richard Regalado

Trusted Information Resource
Is there any checklist available for ISMS Management Representative's transition?

Hello. First and foremost, a management representative is not a requirement of ISO/IEC 27001. I am assuming here that the ISMS you are referring to is based on ISO/IEC 27001 (there are other standards out there you can use).

Some organizations create a management representative (or MR) position/function to have a point person for managing the ISMS and to satisfy the requirements of Clause 5.3 of ISO/IEC 27001, which says the following roles must be assigned and communicated:

a) ensuring that the information security management system conforms to the requirements of this International Standard; and

b) reporting on the performance of the information security management system to top management.

Aside from the requirement above, you may include other functions you feel are necessary for the management and improvement of your ISMS. These are examples of additional roles for an ISMR (information security MR).

1. Establishes and maintains ISMS requirements in accordance with ISO 27001:2013 in alignment with EIAN Corporate policies, processes and procedures.
2. Evaluates performance of the EIAN ISMS with regard to effectiveness and suitability with the International Standard, reports the results to the Corporate Security Committee and submits recommendations for improvements.
3. Communicates to all members of the EIAN organization and support teams the importance of ISMS, its policies, processes, and related documentation particularly the alignment of EIAN ISMS to the Corporate ISMS.
4. Ensures EIAN compliance with applicable legislation, legal requirements and other regulations.
5. Coordinates with EIAN DISMR and corporate interface teams to ensure that appropriate information security programs are implemented to achieve security objectives and targets.
6. Facilitates coordination and incorporation of practices related to corporate risk management, business continuity, health and safety and other control domains handled by various corporate teams.
7. Reviews the effectiveness of corrective and preventive actions until closure of the incidents, problems, and non-compliances. Participates in incident/emergency handling in events with significant corporate impacts.
8. Recommends, endorses, and provides, where possible, required resources for EIAN ISMS implementation, maintenance and improvements.
9. Actively participates in the preparation and conduct of EIAN ISMS Audits, Management Reviews and other ISMS related meetings for corporate oversight, resource review and provisioning, and EIAN security process improvements.
10. Assists the DISMR in liaising with internal and external entities on matters related to the EIAN ISMS especially those with corporate relevance.
11. Conducts regular, informal observation/review sessions on EIAN operations preferably on a quarterly basis.
12. Monitors information security changes and incidents with corporate significance/impacts.
13. Monitors EIAN compliance with IS corporate and industry/legal mandates.
14. Conducts or coordinates the conduct of cascades, updates, training sessions as needed.
 