No. ISO 27001 requires defined ownership and accountability, but not necessarily a large internal security department. Responsibilities can be distributed across existing roles provided they are documented and consistently executed.
Do we need a dedicated security team to become ISO 27001 certified?
Share This Story, Choose Your Platform!
About the Author: Raj
