Appoint an information security officer
The information security officer is primarily charged with defining and implementing the company's security policy. Concretely, the officer guarantees the availability, security, and integrity of the information systems and data.
The designated person has the following skills:
- managing security and risks (performing risk assessments);
- developing procedures related to information security and/or data protection;
- developing a security plan and security advice;
- applying applicable standards (for example ISO27001 or 27002);
- performing security audits or audits related to data protection.