An appointment letter is a formal document by which a person is officially designated for a specific role — e.g., as Information Security Officer (ISO), Data Protection Officer (DPO), or emergency coordinator.
The appointment letter documents the assigned responsibilities, authorities, and reporting lines. ISO 27001 requires the formal assignment of roles and responsibilities (clause 5.3). An appointment letter signed by top management gives the role authority and makes it demonstrable in audits. In Cenedril, the appointment letter for the ISO is created as part of the ISMS setup.