Appoint an information security officer

The Information Security Officer is primarily charged with defining and implementing your organizations security policy. Concretely, the ISO guarantees the availability, security, and integrity of the information systems and data.

As many small- and medium-sized provider organizations struggle with basic security mechanisms giventthe limited resources, an Information Security Role can help analyzing your requirements. The Information Security Officer Role doesn't have to be a dedicated person, choose somebody in your organisation that is willing, and able, to perform this role. Consider attending Security training, and allocate time needed to perform the role

The designated person has the following skills:

  • managing security and risks (performing risk assessments);
  • developing procedures related to information security and/or data protection;
  • developing a security plan and security advice;
  • applying applicable standards (for example ISO27001 or 27002);
  • performing security audits or audits related to data protection.
  • Advocate Information Security throughout the company