Delegation of tasks

Yes, when the organisation shares information security organisational structures, policies, processes and procedures with other organisations or with areas of their own organisation that are not part of the approval or declaration, the accountable manager may delegate their activities to a common responsible person.

Coordination measures shall be established between the accountable manager, or accountable managers for those entities holding multiple approvals, and the common responsible person to ensure adequate integration of the information security management within the organisation(s).

This is an organisational decision depending on the necessary competencies that this person needs to have. The accountable manager may decide to delegate certain responsibilities to a person or group of persons, taking into account their competencies and the requirements detailed in point IS.OR.240 and the related acceptable means of compliance and guidance material (AMC & GM).