Back

Assign a contact person to all business units.


CONTROL ID
07144
CONTROL TYPE
Establish Roles
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain high level operational roles and responsibilities., CC ID: 00806

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • A point of contact shall be designated for facilitating communications between each party on matters covered by this agreement. (Art 37 ¶ 1, Anti-Counterfeiting Trade Agreement)
  • The point of contact shall identify the appropriate person to forward the inquiry to and assist in facilitating communications between the identified person and the requesting party, as necessary. (Art 37 ¶ 2, Anti-Counterfeiting Trade Agreement)
  • To ensure that correct information is communicated to customers, the contact for public relations should be integrated. As examples of information to be provided, the details and cause of troubles, and prospect for recovery could be involved. (P70.6. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • In addition, it is necessary to pre-designate the person responsible for providing various information to the public relations division. (P70.6. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is necessary to establish points of contact that respond to inquiries, requests for consultation, and notifications from customers. In addition, it is necessary to respond to any notification in accordance with the specified procedures. (P115.4. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • As a minimum, a contact address and/or telephone number where customers can get in touch with the branch should be displayed in the store, and a responsible staff member for customer correspondence should also be appointed to ensure the reception of notification from customers. (P120.3., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Each Member State shall designate or establish a single point of contact. Where a Member State designates or establishes only one competent authority pursuant to paragraph 1, that competent authority shall also be the single point of contact for that Member State. (Article 8 3., DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive))
  • When designing and planning the security process the organization should appoint contact persons for all business processes and specialized tasks. (3.2 Bullet 1, BSI-Standard 100-2 IT-Grundschutz Methodology, Version 2.0)
  • Appoint contact persons for all business processes and specialised tasks (§ 3.2.4 Subsection 4 Bullet 1, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • A responsible contact person must be appointed for each business process and specialised task; this person acts as the so-called "information owner" for all issues relating to processing data within this business process. (§ 3.2.1 Subsection 2 ¶ 3 Bullet 5, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • Information security management is only one of many management tasks, but it influences almost every area within an organisation. Therefore, information security management must be appropriately integrated into the existing organisational structures, and a contact person must be appointed. Tasks and… (§ 4.1 ¶ 1, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • To avoid this, a competent and qualified contact person for data protection issues should be appointed, who accompanies any aspects of data protection within the organisation and ensures appropriate implementation and sufficient control. In such function, he/she closely cooperates with the Informati… (§ 4.9 ¶ 3, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • serving as a contact person regarding ICS security for local employees and within the whole organisation, (§ 4.7 ¶ 8 Bullet 6, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • The Data Protection Officer must contribute that his/her organisation takes into account the requirements of data protection in a comprehensive manner. He/she must check the compliance with the data protection provisions in all areas. He/she performs his/her tasks mainly be counselling and inspectio… (§ 4.9 Subsection 3 ¶ 1, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • Suitable interview partners must be identified. A main contact person should be specified for each module used to model the IT system. The requirements in the modules include the roles that are responsible for implementation of the requirements. Based on this information, the appropriate contact per… (§ 6.3 Subsection 1 ¶ 2, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • The related business processes can also be acquired subsequently based on the applications (see section 8.1.2). The person responsible and the users of the application also should be acquired to be able to identify contact persons for security questions more easily and/or to be able to contact affec… (§ 8.1.3 ¶ 8, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • Stipulate main contact person for all the modules used in the modelling (§ 8.4.1 Subsection 1 Bullet 3, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • Another step which needs to be performed before the gap analysis can be performed is to ascertain who are the appropriate people to interview. Initially, a main contact person should be stated for each individual module used to model the existing information domain. The requirements in the modules i… (§ 8.4.1 ¶ 3, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • Local exporters should identify personnel to be the points of contact for the assessment team. (Supplement on Tin, Tantalum, and Tungsten App: B.1(5), OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • The criminal justice information services systems agency information security officer shall be the security point of contact to the federal bureau of investigation criminal justice information services division information security officer. (§ 3.2.8(1), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • Serve as the security point of contact (POC) to the FBI CJIS Division ISO. (§ 3.2.8 ¶ 1 1., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)