That is not a requirement. According to ISO 27001 clause 5.3, you are required to define and assign roles with regards to information security, but these do not have to be dedicated persons.

For example, the role of security officer can also be assigned to a project manager, your CTO or a security-minded engineer.

All our clients have passed certification the first time.
Join them today!

Order now   Book a demo