User
is it best practice to have the CEO approving the control of documents? my worry is the CEO to become a bottle nick for the organization since he have to review any changes to the documents. please clairify.
Experta
In smaller companies, it is best practice for the CEO to approve all ISMS documents. However, in mid-size and larger companies, the responsibility for approving documents can be divided among senior management, security officers, and heads of departments to prevent bottlenecks.