ISMS.1.A5 Contract Design When Appointing an External Chief Information Security Officer [Top Management] (B)

1. Overview


An organisation's Top Management MUST appoint an external Chief Information Security
Officer (CISO) if the role of CISO cannot be filled by an internal employee. The contract with
the external CISO MUST include all the tasks of the CISO and their related rights and
obligations. The contract MUST include an appropriate confidentiality agreement. The
contract MUST ensure that the corresponding relationship is terminated in an orderly fashion,
including with regard to the handover of tasks back to the organisation in question.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation