That is not a requirement. According to clause 5.3, you are required to assign roles and responsibilities for the management system, but these do not have to be dedicated persons.

For example, the responsibility for the ISMS (ISO 27001) can be assigned to the CTO or a security-minded engineer. The responsibility for the QMS (ISO 9001) can be assigned to a project or service manager. Just as long as you feel they have the required competences.

100% first time success rate!
Start with confidence.

Order now   Book a demo