ISO 18788 Clause 7.1.2.2 focuses on the organizational structure of the Security Operations Management System (SOMS). It outlines the requirements for defining roles, responsibilities, authorities, and accountabilities within the organization's management structure. Here's an explanation of the key elements of this clause:
Clause 7.1.2.2 - Organizational Structure:
- Clearly Defined Management Structure: The organization is required to have a clearly defined management structure. This structure should identify roles, responsibilities, authorities, and accountabilities for both its operations and services related to security operations.
- Documentation of Organizational Structure: The organization must document its organizational structure, which includes details such as the duties, responsibilities, and authorities of management personnel. This documentation provides clarity and transparency within the organization.
- Legal Entity Definition: If the organization is a defined part of a legal entity (e.g., a subsidiary or division of a larger corporation), it should define and document this relationship. This includes clarifying how the organization fits into the legal entity's overall structure and governance.
- Joint Ventures and Partnering Arrangements: If there are any joint venture or partnering arrangements within the scope of the SOMS, these should be defined and documented. This ensures that the organization has a clear understanding of how such arrangements relate to its security operations.
In summary, this clause emphasizes the importance of having a well-defined organizational structure within the SOMS. By documenting roles, responsibilities, authorities, and accountabilities, the organization ensures that everyone understands their respective roles in security operations. Additionally, if the organization is part of a larger legal entity or has joint venture/partnering arrangements, these relationships should be clearly defined and documented to maintain transparency and governance.