The information system roles are those roles that are tied to the business management of the system as well as the continued operations of the system's past implementation:

• System owner: The system owner is responsible for the management and ongoing maintenance of the information system. The information system may be:
  • Owned by the system owner (the data owner and system owner are the same)
  • Owned by a separate data owner
  • Owned by multiple data owners (data may be comingled or enclaved)

The system owner is responsible for:

• • Implementation of organization-wide policies, standards, and baselines (this includes security policy)
  • Establishing information system-specific policies, standards, and baselines
  • Ensuring that everyone that uses the information system adheres to established policies, standards, and baselines for the information system

• Data owner: Is the data owner is responsible for establishing policies, standards, and baselines around how data will be used:
  • They establish rules for data usage and protection
  • They work with the information system owner to develop a secure platform for data access that meets organizational requirements
  • The data owner decides who may have access to information and what privileges a user has regarding access to data
• Administrator: The administrator adds and removes users to the information system. An admin also assigns permission within the information system. They are also expected to:
  • Follow a least-privileged principle
  • Execute IT-related functions to maintain the health of the information system

The following is a sample form that can be used to document the project and information system roles: