Sally Smoczynski, Managing Partner, Radian Compliance, LLC
Organizations looking to implement ISO 27001 might assume that the IT group should run the project or manage the security controls long term. This session will delve into all aspects of an information security management system (ISMS) and the required interactions of all the players, not just IT. A resource can be defined as human, technical, information and financial. The ISMS requires interaction and ownership at all resource levels. While much of the protected information is electronic, the IT group is not always the decision maker, nor the process owner. IT, of course, has a critical role, but one just as critical as everyone else's.