"Top management shall assign the responsibility and authority for:
a) ensuring that the ISMS conforms to the requirements of this document;
b) reporting on the performance of the ISMS to top management."
This means top management is not solely responsible for directly reporting on performance—it can assign this responsibility to a qualified individual (such as an ISMS manager, CISO, or another responsible party). Therefore, Option A is incorrect and violates the intent of Clause 5.3.