1.2 Roles, responsibilities and authorities
1.2.1 As part of their policy on the security of network and information systems referred to in point 1.1, the relevant entities shall
- lay down responsibilities and authorities for network and information system security and
- assign them to roles,
- allocate them according to the relevant entities’ needs, and
- communicate them to the management bodies.
1.2.2. The relevant entities shall require all personnel and third parties to apply network and information system security in accordance with the established network and information security policy, topic-specific policies and procedures of the relevant entities.
1.2.3. At least one person shall report directly to the management bodies on matters of network and information system security.
1.2.4. Depending on the size of the relevant entities, network and information system security shall be covered by dedicated roles or duties carried out in addition to existing roles.
1.2.5. Conflicting duties and conflicting areas of responsibility shall be segregated, where applicable.
1.2.6. Roles, responsibilities and authorities shall be reviewed and, where appropriate, updated by management bodies at planned intervals and when significant incidents or significant changes to operations or risks occur.
Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!