Professional Documents
Culture Documents
5 2+Information+Security+Roles+and+Responsibilities
5 2+Information+Security+Roles+and+Responsibilities
5 2+Information+Security+Roles+and+Responsibilities
Scope: This policy applies to all personnel and other interested parties who access or
manage information assets within the organization.
Policy Statement:
Access Control:
a. Information owners are responsible for defining the access requirements for their
information assets.
b. Information custodians are responsible for implementing the access controls
specified by the information owners.
c. Personnel are responsible for following access control policies and procedures.
Responsibility: All personnel and other interested parties who access or manage
information assets are responsible for understanding and complying with their roles and
responsibilities as outlined in this policy.
The internal auditor role is responsible for the participation in the audit management process,
preparation and distribution of the audit report.
Assessment of organizations compliance with approved security measures in Statement of
Applicability.
Preparation of audit criteria to increase its quality development of technical expert skills in the
areas required in the organization.