ISM-0730 Removed History Priority should 2010 The CISO should be the accreditation authority when a system undergoes accreditation; unless anexternal accreditation authority is mandated.