I disagree however, if you believe It could be valuable you could have a far more unique objective and set a timescale on it. Possibly This might be an goal that is something about number of incidents for being under X by December 2024. Roles and Duties (section three) The segment on roles and responsibilities is not demanded for ISO27001 but I lik