FAQ n.139299

Does the organisation need to establish a separate representative for the information security management system (ISMS)?


This is an organisational decision depending on the necessary competencies that this person needs to have. The accountable manager may decide to delegate certain responsibilities to a person or group of persons, taking into account their competencies and the requirements detailed in point IS.OR.240 and the related acceptable means of compliance and guidance material (AMC & GM).

Last updated

Was this helpful?