Roles and Responsibilities Matrix

Roles

| Category | Item | Responsible | Accountable | Consult | Inform |
|---|---|---|---|---|---|
| Application | Create remediation plans for risks discovered on systems. | System Owner | Business Owner | FAS Data Analyst | DSCP Team |
| Audit Prep | Prepare documentation for audit. | FAS Data Analyst | FAS Champions | DSCP Team | DSCP Manager |
| Communication | Communications about FAS DSCP. Also follow the communication plan for the different levels. | FAS Data Analyst | FAS Data Analyst | FAS Champions | DSCP Team |
| Compliance/Application Security Testing | Test the application for compliance and test the security of the environment. | System Owner | Business Owner | IT Security/FAS Data Analyst | DSCP Team |
| Documentation | Documentation of the program. | FAS Data Analyst | FAS Data Analyst | FAS Champions/DSCP | DSCP Team |
| Procedures/Internal Processes | Create procedures for systems/applications. | System Owner | Business Owner | FAS Data Analyst | DSCP Team |
| Survey Review | Review the results of application/system assessments. | FAS Champions | FAS Data Analyst | System Owner | DSCP Team |

Definitions

Name
Description
Business Owner
  • An owner is an entity responsible for day-to-day operation and investment in a particular asset or system
Chief Information Security Officer
  • Advise project direction and support issue identification and resolution
  • Validate scope, phasing, scope changes
  • Liaison to sponsors and control point executives
Control Point Champions
  • Coordinate and monitor development of IT security compliance plans
  • Ensure task completion on time, with quality
  • Identify and escalate issues, report progress
  • Provide business analysis
Control Point Executives
  • Control of funding to address remediation activities
  • Sponsor participation within department
  • Advise on direction and support issue identification and resolution
  • Validate scope and phasing; approve scope changes
DSCP Manager  
DSCP Team
  • Execute tasks on the work plan
  • Comprises program business analysts, technical experts, consultants, and others
Executive Sponsors - CIO
  • Lead advocate on behalf of project
  • Assure resources and funding
  • Monitor scope and report progress to CET
FAS Data Analyst (Program Manager)
  • Accountable for successful development and delivery of the program
  • Assure the program is properly resourced to prepare work products and meet milestones
Steering Committee - IT Governance Steering
  • Advise on project direction; validate scope and phasing; approve scope changes
  • Mobilize SMEs; advise on overall change management and user adoption strategies
  • Communicate and advocate on behalf of project
System Owner

The Information System Owner (also referred to as System Owner) is the individual responsible for the overall procurement, development, integration, modification, operation, maintenance, and retirement of an information system.

The System Owner is a key contributor in developing system design specifications to ensure that security and user operational needs are documented, tested, and implemented.