ACPL-ISMS-C5.2 (Information Security Roles & Responsibilities)
Policy
Document ID: ACPL-ISMS-C5.2
Document Classification: Internal
Issue Date (effective from): 01.12.2023
Version No: 1.0
Latest Review Date: 01.12.2023
1. Control statement
Information security roles and responsibilities should be defined and allocated according to the
organization needs.
2. Purpose
To establish a defined, approved and understood structure for the implementation, operation and
management of information security within the organization.
3. Scope
This document sets forth the policy of the organization with regard to the responsibility for the use
of, access to, review, and disclosure of information system resources, including those stored, sent or
received by the users. This includes all computer and data information systems and ownership of all
assets in the organization.
4. Procedure
2. Allocation of information security responsibilities is done in accordance with the information
security policies.
3. Responsibilities for the protection of individual assets and for carrying out specific information
security processes are identified.
4. Responsibilities for information security risk management activities and in particular for
acceptance of residual risks are defined.
5. These responsibilities have been supplemented, where necessary, with more detailed
guidance for specific sites and information processing facilities. Local responsibilities for the
protection of assets and for carrying out specific security processes are defined.
6. Individuals with allocated information security responsibilities may delegate security tasks to
others. Nevertheless, they remain accountable and should determine that any delegated tasks
have been correctly performed.
7. Areas for which individuals are responsible should be stated.
Doc ID: ACPL-ISMS-C5.2 Version 1.0 Last Rev. Date: 01.12.2023 Page 2 of 3
This document is confidential and must not be shared or copied without written permission from
Aethereus Consulting. Please return or destroy upon request.
Information Security Roles & Responsibilities Policy
The entity responsible for each asset or information security process has been
assigned and documented;
Authorization levels should be defined and documented;
To be able to fulfil responsibilities in the information security area, the appointed
individuals are competent in the area and are given opportunities to keep up to date
with developments;
Coordination and oversight of information security aspects of
supplier relationships have been identified and documented.
9. The responsibility for resourcing and implementing the controls will remain with individual
managers.
10. An owner for each asset who then becomes responsible for its day-to-day protection.
5. Reference
6. Revision History