Expert Advice Community

Guest

Who is accountable and responsible for applications and for the operating system

Guest user Created:   Apr 28, 2016 Last commented:   Apr 28, 2016


There is a Windows Server 2008 machine, and a few applications are running on that server for different business purposes of different business units. In this case, who is accountable and responsible for these applications and for the operating system (Windows 2008)? Is it possible for the same organizational unit (for example IT) to be at the same time accountable and responsible for an asset (for example Windows 2008)? If yes, then how should the change management process for the operating system be organized?

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Dejan Kosutic Apr 28, 2016

Answer:

ISO 27001 doesn't distinguish between persons accountable and persons responsible for assets - the only thing that is required by the standard is to define the asset owners, who are responsible for those assets (control A.8.1.2).

In your case, there are different options possible:
a) That the same person or organizational unit is the owner of the server and of all applications
b) That one person or organizational unit is the owner of the server, and another person/unit is the owner of all applications
c) That one person/unit is responsible for the server, and that each application has a different owner

For each change process, it is crucial that one person approves the change (e.g. the Head of the IT department), and that another person executes the change (e.g. the IT administrator). This is one of the reasons why it is much better to have persons as asset owners, not organizational units.
