Roles
Category
|
Item
|
Responsible
|
Accountable
|
Consult
|
Inform
|
---|---|---|---|---|---|
Application | Create remediation plans for risks discovered on systems. | System Owner | Business Owner | FAS Data Analyst | DSCP Team |
Audit Prep | Prepare documentation for audit | FAS Data Analyst | FAS Champions | DSCP Team | DSCP Manger |
Communication | Communications about FAS DSCP. Also follow the communication plan for the different levels. | FAS Data Analyst | FAS Data Analyst | FAS Champions | DSCP Team |
Compliance/Application Security Testing | Test the application for compliance and testing the environment security | System Owner | Business Owner | IT Security/FAS Data Analyst | DSCP Team |
Documentation | Documentation of the program. | FAS Data Analyst | FAS Data Analyst | FAS Champions/DSCP | DSCP Team |
Procedures/Internal Processes | Create procedures for systems/applications. | System Owner | Business Owner | FAS Data Analyst | DSCP Team |
Survey Review | Reviews the results of application/system assessments. | FAS Champions | FAS Data Analyst | System Owner | DSCP Team |
Definitions
Name
|
Description
|
---|---|
Business Owner | An owner is an entity responsible for day-to-day operation and investment in a particular asset or system |
Chief Information Security Officer |
|
Control Point Champions |
|
Control Point Executives |
|
DSCP Manager | |
DSCP Team |
|
Executive Sponsors - CIO |
|
FAS Data Analyst (Program Manager) |
|
Steering Committee - IT Governance Steering |
|
System Owner |
The Information System Owner (also referred to as System Owner) is the individual responsible for the overall procurement, development, integration, modification, operation, maintenance, and retirement of an information system. The System Owner is a key contributor in developing system design specifications to ensure the security and user operational needs are documented, tested, and implemented. |