Management Representative and Information Security Officer for ISO27001

Affour

#1
Need some clarification...
Is the appointment of an MR for an ISO27001 ISMS compulsory?
What differentiates the MR and the Information Security Officer in terms of their roles?
Can a person be appointed as both MR and IS Officer? And at the same time, the same person is also the MR for other management systems.
 
Richard Regalado

Trusted Information Resource
#2
Hi Affour. Excellent question.

There is no requirement for an MR (management representative) for ISO/IEC 27001, unlike other standards such as ISO 9001 and BS 25999.

In fact, the word "representative" appears only once in the standard, and only in Control A.6.1.2 (Information security coordination), wherein it is required (if you implement this control) that you have representatives from various parts of your business coordinating information security activities.

In my practice, I normally nominate what I call an ISMR (information security management representative) who will be responsible for the ISMS much like a QMR (circa ISO 9001:1994) is responsible for QMS.

In some organizations, the ISO (or the CISO) is also the ISMR. What is important is that the roles and responsibilities are defined (see control A.6.1.3).

Yes, an MR can also be the ISO (information security officer).
 
Affour

#3
Thanks for your info.
With the appointment of an ISMR, do you still need to appoint an ISO/CISO?
Does the ISO/CISO have to be someone who is technically knowledgeable in the IT facilities within the ISMS scope?
 
RAVINDER KUMAR DUDI

#4
I don't think so, because the basic need for an ISO/CISO is excellence in security management systems. The MR issue is totally separate and different. However, one question always remains: "Who looks on the implementation part?"
 