ISMS.1.A6 Establishment of a Suitable Organisational Structure for Information Security [Top Management] (B)
1. Overview

An organisation MUST have a suitable higher-level organisational structure for information security. For this purpose, roles MUST be defined that will take on specific tasks to achieve the security objectives at hand. Qualified persons MUST also be appointed with sufficient resources to take on these roles. The tasks, roles, responsibilities, and competencies in security management MUST be defined and assigned in a transparent manner. Effective deputising rules MUST be in place for all the important functions within an information security organisation. Communication channels MUST be planned, described, set up, and publicised. For all tasks and roles, it MUST be specified who will inform whom, who must be informed of which actions, and what information is to be provided. It MUST be checked at regular intervals whether the organisational structure for information security is still adequate or needs to be adapted to new framework conditions.
1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
3. Related Regulations