HR-19 Security Officer

What is this control about?

Security Officer – A dedicated staff member must be assigned the role of a security officer to oversee the security goals of the company. The role and responsibilities must be defined and documented. The person selected for the role must be qualified and competent.

This control is built within the Information Security Policy and can be addressed by assigning a dedicated staff member as the security officer.

Available tools in the marketplace

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

• N/A – no template for this control

Control implementation

This requires your organization to designate a Security Officer. Once the security officer is designated, document their role in a policy. TrustCloud has an Information Security Policy and within the policy, you have the opportunity to assign a dedicated staff member.

What evidence do auditors look for?

Most auditors, at a minimum are looking for the below suggested action:

• Provide evidence of your Security Officer roles and responsibilities

Evidence example

From the suggested action above, an example is provided below.

1. Provide evidence of your Security Officer roles and responsibilities