ISO 27001 Clause 5.3 and Clause 7.1 Resources and Roles & Responsibility
Organizational roles, responsibilities and authorities

Required activity

Top management ensures that responsibilities and authorities for roles relevant to information security are assigned and communicated throughout the organization.

Implementation Guideline

Top management ensures that roles and responsibilities, as well as the necessary authorities relevant to information security, are assigned and communicated. The purpose of this requirement is to assign responsibilities and authorities to ensure conformance of the ISMS with the requirements of ISO/IEC 27001, and to ensure reporting on the performance of the ISMS to top management. Top management should regularly make sure that the responsibilities and authorities for the ISMS are assigned so that the management system fulfils the requirements stated in ISO/IEC 27001. Top management does not need to assign all roles, responsibilities and authorities, but it should adequately delegate authority to do this. ...