Cyberguide - Centre for Cyber security Belgium
In addition to Management, and the Information Security Officer, you need to identify who inside, or oustside of your organisation will be implicated in case of an incident or breach.
Do not forget to include info from third parties (contact info, contractnumber, ..), especially when using services in the cloud.
This typically will include members from:
For each of those, you should have