5 2 Information Security Roles and Responsibilities

This policy outlines roles and responsibilities for information security. Senior management is responsible for overseeing the information security program while the information security manager develops and maintains the program. Information owners are responsible for classifying, protecting, and managing information assets, while information custodians implement protection measures. All personnel must comply with information security policies and procedures and report any incidents. Non-compliance may result in disciplinary action up to termination. The policy is reviewed annually.
Information Security Roles and Responsibilities Policy

Objective: To ensure that personnel understand their roles and responsibilities in maintaining the confidentiality, integrity, and availability of information.

Scope: This policy applies to all personnel and other interested parties who access or manage information assets within the organization.

Policy Statement:

Roles and Responsibilities:

a. Senior management is responsible for providing direction and oversight of the information security program.
b. The information security manager is responsible for the development, implementation, and maintenance of the information security program.
c. Information owners are responsible for the classification, protection, and use of information within their domain.
d. Information custodians are responsible for implementing the protection measures specified by the information owners.
e. Personnel are responsible for following information security policies and procedures and reporting any incidents or vulnerabilities to their supervisors.

Information Security Management System (ISMS):

a. The information security manager is responsible for the development, implementation, and maintenance of the ISMS.
b. All personnel are responsible for complying with the ISMS and reporting any incidents or vulnerabilities to their supervisors.

Access Control:

a. Information owners are responsible for defining the access requirements for their information assets.
b. Information custodians are responsible for implementing the access controls specified by the information owners.
c. Personnel are responsible for following access control policies and procedures.

Physical and Environmental Security:

a. Information owners are responsible for defining the physical and environmental protection requirements for their information assets.
b. Information custodians are responsible for implementing the physical and environmental protection measures specified by the information owners.
c. Personnel are responsible for following physical and environmental security policies and procedures.

Information Systems Operations:

a. Information owners are responsible for defining the operational requirements for their information assets.
b. Information custodians are responsible for implementing the operational measures specified by the information owners.
c. Personnel are responsible for following information systems operations policies and procedures.

Information Security Incident Management:

a. All personnel are responsible for reporting information security incidents to their supervisors.
b. Supervisors are responsible for escalating incidents to the information security manager.
c. The information security manager is responsible for managing information security incidents and coordinating response efforts.

Responsibility: All personnel and other interested parties who access or manage information assets are responsible for understanding and complying with their roles and responsibilities as outlined in this policy.

Compliance: Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract.

Review: This policy will be reviewed annually or as necessary to ensure its continued relevance and effectiveness in maintaining the confidentiality, integrity, and availability of information.

The support of top management is crucial for successful implementation of the information security management system. The top management role is assigned to a person or group of persons who manage and control the organization at its highest level. The persons in this role are responsible for definition of the organization's strategy, definition of goals, and the scope of the information security management system.

a. Leadership and involvement with regard to the Information Security Management System.
b. Definition of roles.
c. Assignment of responsibilities and rights in the organization.
d. Provision of resources and budget approval.
e. Participation in management reviews and ISMS improvement.

The person in this role, in the context of data protection, should be aware of his or her influence on the goals, strategy and improvement of the Information Security Management System compliant with ISO

The internal auditor role is responsible for participation in the audit management process and for the preparation and distribution of the audit report.

a. Assessment of the organization's compliance with the approved security measures in the Statement of Applicability.
b. Preparation of audit criteria to increase its quality.
c. Development of technical expert skills in the areas required in the organization.
d. Improvement and development of management systems in the organization.

The person in this role should be able to combine the practice of auditing information security management systems with knowledge of the organization and its security measures in terms of information security.
