By: Dan Richards
Getting management support when setting up your ISO 27001 ISMS program is incredibly important to ensure its viability within your organization. There are many reasons for this, but the most important one is that it makes your ISO 27001 program real and not just something that is done in a corner by one person without organizational support.
Management should actively support the ISMS by giving clear direction through policies and demonstrating organizational commitment by allocating budget dollars to the program's success. Management also needs to play a role in explicitly assigning information security responsibilities to suitable people.
Management should also approve the information security policies, allocate resources to the program's success, assign security roles, and coordinate the review of the program's implementation across the organization.
Management support makes the information security program more effective throughout the organization and helps to ensure that it is aligned with the business and other strategic objectives.
Management support can be demonstrated in a few different ways. The most common include management approval of the ISMS scope documentation (which is required), documented approval of organizational security policies, and evidence that budget dollars have been allocated to build the ISO 27001 ISMS security program within the organization.