If you\u2019re planning to start your ISO 27001 and\/or ISO 22301 project, you\u2019re probably wondering who could lead such a complex project \u2013 what type of person do you need, with which authorities, and should you go with someone in-house or someone from the outside?<\/p>\n
First of all, don\u2019t even think of starting to implement these standards without a project approach \u2013 to succeed, you need a project manager, project sponsor, clearly defined milestones and deadlines, etc. See also: ISO 27001 project \u2013 How to make it work<\/a>.<\/p>\n Since ISO 27001<\/a>\u00a0and ISO 22301<\/a>\u00a0are closely related to information technology, the project manager should have at least average knowledge of IT; however, this project should not be treated as an IT project, so you should avoid having someone from your IT department lead this kind of a project. See also:\u00a05 greatest myths about ISO 27001<\/a>.<\/p>\n What you need is someone with a balanced knowledge of IT and of your company\u2019s business processes, because managing information security is, in most cases, related to organizational issues (developing policies and procedures, defining responsibilities and change management), not the technology.<\/p>\n Since the manager of these kinds of projects will often run into opposition from some of their colleagues, such person should have enough authority either by position or by respect from his\/her peers.<\/p>\n Once this project is over, this person is the most likely candidate to become your Chief Information Security Officer (CISO) or Business continuity manager. For smaller companies, you will usually have one position that covers both information security and business continuity, while in larger companies these functions will be separate \u2013 although very often in the same department. See also: Chief Information Security Officer (CISO) \u2013 where does he belong in an org chart?<\/a>Profile of the project manager<\/h2>\n
\n