How to assess competence when using the provisions of IS.I.OR.235 of Annex II (Part-IS.I.OR) to Commission Implementing Regulation (EU) 2023/203 or point IS.D.OR.235 of the Annex (Part-IS.D.OR) to Commission Delegated Regulation (EU) 2022/1645 to subcontract information security activities when the organisation does not have the necessary knowledge?
How to assess competence when using the provisions of IS.I.OR.235 of Annex II (Part-IS.I.OR) to Commission Implementing Regulation (EU) 2023/203 or point IS.D.OR.235 of the Annex (Part-IS.D.OR) to Commission Delegated Regulation (EU) 2022/1645 to subcontract information security activities when the organisation does not have the necessary knowledge?
Answer
Documentation of qualifications can be used in this regard as well as the experience (track of records, customers) of the organisation providing the services. For more information, see FAQ n.139300.
Last updated
22/08/2025