Level N/A
The organization should provide a mechanism for personnel to report observed or suspected information security events through appropriate channels in a timely manner.