If I have a policy with certain users, are these users the „responsible“ in a RACI matrix, or will they only be the „informed“ ones who must comply with the policy?
Would the „responsible“ person, in that case, be the person who wrote and maintained the policy? Or would both fall into the category „responsible“?
My specific case is the „policy for safe development“. In that case, our programmers and system administrators are the users of this policy. Are the programmers and system administrators, in that case, the responsible people or just the informed ones that these policies exist and that this policy must be followed?
Please note that the user's roles in a RACI Matrix must be defined according to specified activities (i.e., the same user may have different roles for different activities).
For example, if the activity is "communicate policy publication" users will have the role "informed", while the security officer, for example, will have the role "responsible" (he is the one to communicate the new policy).
If the activity is "follow policy", then programmers and system administrators will have the role "responsible", while the policy owner will have the role "accountable".
This article will provide you with further explanation about the RACI matrix:
- RACI matrix for ISO 27001 implementation project https://advisera.com/27001academy/blog/2018/11/05/raci-matrix-for-iso-27001-implementation-project/
Nov 29, 2019