The project manager for ISO 27001 should be someone from inside the company who knows the details and cultural issues of the organization. It is not recommended to hire an external consultant as the project manager. The project manager should have enough authority, either by position or by respect from their peers, to handle any opposition they may encounter during the project. They should also have at least average knowledge of IT and a balanced knowledge of IT and the company's business processes. Good interpersonal skills and the ability to work well with the project sponsor are also important qualities for the project manager. In smaller companies, the person who runs the project may also perform the role of the security officer.