NIS2: who should be the person responsible for the security of information systems?

These information protection requirements affect a wider circle than ever before, based on preliminary estimates, 2,500-3,000 companies were directly affected. The companies concerned have just two months until June 30, 2024 to register with the Regulatory Authority for Regulated Activities (SZFTH). During registration, in addition to providing administrative and technical company data, the data and contact information of the person responsible for the security of information systems (IBF) must also be indicated. Péter Kóczé, the head of the digital business of the international business and tax consulting company Grant Thornton, helps us think about how to choose the optimal solution for the company.

During the SZFTH registration, one of the most important questions is the designation of the IBF. “In our opinion, this decision is difficult for companies with an international background, even though the “Cyber ​​Science Act” does not formulate any specific expectations and requirements regarding the designated person in charge, and expressly allows the position to be filled even with the involvement of an external expert” – says Péter Kóczé, the head of the digital business of the international business and tax consulting firm Grant Thornton.

Outsourcing the information security officer may at first seem like a rational solution when the professional knowledge, experience or resources required for the position are not available in-house. However, experience shows that many companies still register an information security officer from among their internal employees on the SZTFH form.