Roles and Responsibilities Policy
What is a Roles and Responsibility Policy?
The Roles and Responsibilities Policy defines the critical roles and responsibilities relating to information security. The document should also clarify the difference between responsibility and accountability: individuals with allocated information security responsibilities may delegate security tasks to others, but they remain accountable and should verify that any delegated tasks have been performed correctly.
To fulfil the roles and responsibilities assigned to them, individuals must be competent in the relevant area, and the document should reference the provision of appropriate training.
Why is a Roles and Responsibilities Policy important?
It is important that information security roles and responsibilities are clearly defined and allocated. For example, it should be clear who is responsible for the following:
- protection of individual assets, as recorded in an asset inventory
- information security risk management activities and in particular for acceptance of residual risks
- the maintenance of each company policy
- the implementation of controls designed to mitigate information security risks as outlined in the company policies
- the execution of information security tasks that are required to fulfil control objectives
- the information security risks associated with suppliers
- external information security communications, such as those with authorities or special interest groups, e.g. the National Cyber Security Centre (NCSC) or the Information Commissioner's Office (ICO)
ISO 27001 Roles and Responsibilities Policy
InfoSec policies are part of the requirements of the ISO 27001 certification standard. The Roles and Responsibilities Policy is one of the ISO 27001 policies required; you can take a look at the full list here.
Roles and Responsibilities Policy Sections
Responsibility for key information security tasks
Accountability for key information security tasks
The segregation of duties
External information security communications
Related to the Roles and Responsibilities Policy
Related terms: infosec roles, application security roles and responsibilities, infosec roles and responsibilities, information security roles and responsibilities, segregation of duties, contact with authorities, contact with special interest groups, management responsibilities, accountability, responsibilities, roles and responsibilities procedures.
Framework references: ISO 27001
Create your Roles and Responsibilities Policy now
Simply register for free and create your custom policy within minutes.
The Roles and Responsibilities Policy is part of the BUILD plan
How does it work?
Select a policy from our library of over 70 policies
Answer simple questions
Our platform generates your bespoke policy
Sign-off and share in seconds
Always aligned with the latest legislation, ISO and GDPR compliance