HR-19 Security Officer

What is this HR-19 Security Officer Control?

A dedicated staff member must be assigned the role of a security officer to oversee the security goals of the organization. The role and responsibilities must be defined and documented. The person selected for the role must be qualified and competent.

This control is built into the Information Security Policy and can be addressed by assigning a dedicated staff member.

Available tools in the marketplace

Tools

No tool recommendation is made for this section

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

• N/A: no template is available for this control

Control implementation

To implement this control:

You need to designate a security officer and document their role in the policy. TrustCloud has an Information Security Policy, and within the policy, you can assign a dedicated staff member.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

1. Provide evidence of your security officer’s roles and responsibilities.

Evidence example

For the suggested action, an example is provided below:

The following screenshot shows the roles and responsibilities of the Security officer.