Tasks of the information security officer (ISB)

In order to successfully implement an information security management system (ISMS), every company needs an information security officer (ISB, from the German Informationssicherheitsbeauftragter). In this article we show you the extensive tasks of the ISB.

Selection and appointment of the information security officer

The ISB is appointed via an official document, the “Certificate of Appointment for Information Security Officer”. He reports directly to your management, which supports him in fulfilling his tasks, and he in turn brings his expertise in the field of information security to the management.

The ISB should have appropriate technical training and several years of professional experience in information and IT security. This should include basic knowledge of programming and system administration as well as knowledge of security technology. He should also know the relevant regulatory requirements, such as the GDPR, and have classic management skills, such as project management. The ISB thus represents the interface between IT technology and the management level. We would be happy to support you here and provide you with an external ISB.

Information security officer (ISB) responsibilities

The ISB has a wide range of tasks in the company. These vary depending on the size of the company and the organization. The information security officer is essentially responsible for the entire structure of the ISMS and, within this framework, for setting up and coordinating information security goals together with the management. Ideally, he should adhere to the requirements of ISO 27001. He is responsible for all activities required to establish, implement and maintain the ISMS, and he reports directly to management on the status of the ISMS. The ISB ensures that improvement measures derived from identified weak points are implemented, and he creates an organization-wide awareness of information security. Information security incidents are reported to the ISB, who analyzes them, promptly defines appropriate security measures and ensures that they are implemented. Approval of these measures from your management is required.

The continuous maintenance, the review of all documents and the constant updating of the information security guidelines form the basis for a successful ISMS in your company and thus also for achieving ISO 27001 or TISAX® certification.

The ISB must create information security awareness

The ISB is the primary contact for all issues relating to information security. He supports and advises the management and all business areas on information security matters. He supports the risk manager or holds this position himself, and regularly reviews the results of the risk assessment. Please also read the article “ISMS – simply explained, part 2: Risk management as an essential part of the ISMS”.

A fundamental task is to create information security awareness within the entire company. Ideally, he conducts employee training or awareness campaigns himself. We offer special awareness training courses to make your employees aware of the issues of information security and data protection. Last but not least, he is responsible for the planning and coordination of internal and external audits within the framework of ISO 27001 and/or TISAX®.

We are happy to support and advise you personally in the selection and appointment of an ISB and in the implementation of your ISMS. We also offer training courses to raise awareness among your employees. Our certified IT specialists are happy to be there for you. Simply fill out our contact form or write an email to info@aigner-business-solutions.com. We can also be reached by phone at 08505 – 91927-0.