That is not a requirement. According to ISO 27001 clause 5.3, you are required to define and assign roles with regards to information security, but these do not have to be dedicated persons.

For example, the role of security officer can also be assigned to a project manager, your CTO or a security-minded engineer.

Start your ISO 27001
journey today!

Order now   Book a demo