With the principle of adequacy
Everyone is waiting for the designation of the responsible person and the writing of documentationThe decree further establishes a non-exceeding minimum that must be met by every liable person. And in addition in accordanceand taking into account the security needs of the organization it also lists other security measures that should at least be considered.Every entity that falls under regulation will be required to have a r security.Similar to the commissioner in the field of personal data in the case Indonesia WhatsApp Number Data of GDPR also in the case of NIS2 the European regulation envisages a dedicated employee responsible for the management and development of cyber security monitoring its status and communicating with top management. This person must either demonstrate professional competence or undergo appropriate training.
https://lh7-us.googleusercontent.com/-tfNwQgPm3h5LfHYNTqFEE4GDzUEF4aQL9ZjsasmyyrZkgFzn9hZ23TCvPkcW6EbTVvTACZT73KDDu58FWnZFKfMWKxvCFow37h2ibzTLHPDPLomTTF7rALgfxiTe-F2nNjjgqEtNKPvcCU5LXCjTcE
Each regulated entity is then obliged to draw up an overview of security measures with a distinction between those that have already been implemented those that are yet to be implemented including the date when this will happen and those that are not planned to be implemented including the justification why. It is then necessary to update this overview at least once a year and to keep the history of individual overviews with which top management has been demonstrably familiar for a period of at leastyears.
頁:
[1]