A responsible person has been appointed for the provider companies, who monitors the provider's activities, communications and compliance with the contract.
Responsible person must have sufficient skills to analyze cyber security requirements depending on the criticality of the provider. Responsible person also ensures that the provider appoints an own responsible person to ensure compliance with the contract and facilitate cooperation.
Top management must ensure clear responsibilities / authority on at least the following themes:
The ISMS theme owners are presented on the desktop of the management system and in the Information security policy report.
In addition, top management shall ensure that all roles relevant to information security, as well as related responsibilities and authorities, are defined and communicated.