
SG-11 Security Roles and Responsibilities

>Control Description

Roles and responsibilities for the governance of Information Security within Organization are formally documented within the Information Security Management Standard and communicated on the Organization intranet.

Theme: Process

Type: Preventive

Policy/Standard: Information Security Management Standard

>Implementation Guidance

1. Ensure that the organization's information security standard defines roles and responsibilities for the governance of information security within the organization, and that it is uploaded to the corporate intranet and made available to all employees.
2. Ensure that the ISMS steering committee conducts monthly meetings, and that the minutes of those meetings are documented and communicated to relevant stakeholders.

>Testing Procedure

1. Inspect the Organization's Information Security Management Standard to determine whether it defines information security roles and responsibilities for the governance of information security within the Organization and whether it has been communicated.
2. Observe the Organization's corporate intranet to determine whether the Information Security Management Standard is communicated to the company.
3. Inspect the most recent ISMS Steering Committee meeting minutes to determine the participation of the security leadership team and the establishment and communication of security goals and milestones.

>Audit Artifacts

E-SG-10

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
