ISO 27001 certification: role and tasks of the ISO in setting up an ISMS

Setting up an information security management system (ISMS) involves assigning tasks within the company, as described in the following:
 
The information security officer (ISO) has a major role. The ISO is the first point of contact in the company when it comes to information security issues. One of the decisive factors for the successful implementation of his/her work is the location of the role within the organization. To avoid conflicts of interest and maintain independence, the function should not be in the IT department.
 
Ideally, the ISO should have primary responsibility for all stages of ISMS implementation: from design planning and set-up, through subsequent operation, to permanent review and improvement. In the context of a possible certification, the ISO is also the contact person for the auditors of the certification body.
 
The ISO has technical know-how and carries the idea of information security into the company; one of his/her tasks is to communicate effectively with employees and involve them during the ISM process. It is fundamental for the motivation of employees to engage and
 
ePrivacy has supported many companies in setting up and implementing their ISMS. We work closely with the responsible information security officers and support them in all data protection-related topics.