Chat with Experta

User
is it best practice to have the CEO approving the control of documents? my worry is the CEO to become a bottle nick for the organization since he have to review any changes to the documents. please clairify.
Experta
In smaller companies, it is a common best practice for the CEO to approve all ISMS documents. However, in larger organizations, it is recommended to distribute the responsibility for approving documents among senior management, security officers, and heads of departments to avoid bottlenecking the CEO. This approach can help streamline the approval process and ensure that documents are reviewed by relevant stakeholders.