FAQ n.139299

Does the organisation need to establish a separate representative for the information security management system (ISMS)?

Answer

This is an organisational decision depending on the necessary competencies that this person needs to have. The accountable manager may decide to delegate certain responsibilities to a person or group of persons, taking into account their competencies and the requirements detailed in point IS.OR.240 and the related acceptable means of compliance and guidance material (AMC & GM).

Last updated
22/01/2024

Was this helpful?