Roles & Responsibilities

Last updated on May 25, 2020

Security is everyone’s responsibility –this is true, however who is ultimately responsible for security within the organization? Defining roles and responsibilities regarding information security ensures that at all levels within the organization (which should encompass internal positions, vendors, and contractors), staff are familiar with their security responsibilities, and this should also be defined in job descriptions. Roles and responsibilities can be defined based on a responsibility assignment matrix (RACI), outlining who is responsible, who is accountable, and who should be consulted or informed regarding security matters.

Note: while there may be many people responsible for security, and many people to be consulted and/or informed, only one person should be accountable.

Expert Opinion - Roles and Responsibilities

Control Objective

At a hygiene level, roles and responsibilities should be defined and communicated. The roles and responsibilities (which could be a RACI) matrix should identify who occupies the roles.

Resources

BC Government Roles and Responsibilities

Roles and Responsibilities Template (see how to use the template below)

Fill out the cells highlighted in yellow
Once complete get sign-off from executives

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics

Roles & Responsibilities

Expert Opinion - Roles and Responsibilities

Control Objective

Resources