for Information Security Management System (ISMS)
- All department boxes are editable, position and level depending of organization hierarchy and business process
- Internal Audit Department & CISO are mandatories
- IA and CISO can be employee from other function (marketing, finance, GA, IT ....)
- CISO is better from Information Technology background