Appoint an information security officer

The Information Security Officer (ISO) is primarily charged with defining and implementing your organization's security policy. Specifically, the ISO guarantees the availability, security, and integrity of the information systems and data.

As many small and medium-sized provider organizations struggle with basic security mechanisms given their limited resources, an Information Security Officer role can help to analyze the requirements. The Information Security Officer role doesn't have to be a dedicated person. Just choose somebody in your organization who is willing and able to perform this role. Consider attending security training, and allocate the time needed to perform the role.

The designated person has the following skills:

  • managing security and risks (performing risk assessments);
  • developing procedures related to information security and/or data protection;
  • devising a security plan and security advice;
  • applying applicable standards (for example ISO 27001 or 27002);
  • performing security audits or audits related to data protection;
  • advocating information security throughout the company.