The organization shall provide a mechanism for personnel to report observed or suspected information security events through appropriate channels in a timely manner.
Last updated 1 year ago