When looking at ISO27001, what are examples of relevant authorities under Annex A.6. As a US company, we may model our work around GDPR, but we don't necessarily have a legal requirement to follow it. With that said, are there any other authorities we would want to maintain contact with?
First is important to note that this answer greatly depends on the information about your organization’s industry.
For example, organizations’ from the critical infrastructure industry (e.g., chemical, communication, emergency services, energy, etc.) the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) would be examples.
We suggest you seek legal expert advice to identify authorities related to your organization’s industry.