The organization shall have a sufficient number of trained, supervised and, where necessary, properly security cleared personnel who play key roles in information security, performing management tasks related to the information security management system.
The organization has defined:
The owner of the task regularly reviews the number and level of competence of the security personnel.