Read the requirements of ISO 27001 Clause 5.3: Organisational Roles, Responsibilities and Authorities, which requires top management to establish and communicate clear ISMS roles and responsibilities.
This version of clause 5.3 is applicable to both ISO 27001:2022 and ISO 27001:2013.
The involvement of the organisation's top management is an essential part of the standard and critical for information security. Top management must establish and communicate clear roles and responsibilities for the ISMS to carry out the functions of information security to appropriate people.
The standard requires the top management to assign the responsibility and authority to ensure all the requirements of the ISMS are met and to report the performance of ISMS. The successful implementation of clause 5 will provide accuracy, support and guidance from top management.