Information system roles are the roles tied to the business management of the system and to its continued operation after implementation:
- System owner: The system owner is responsible for the management and ongoing maintenance of the information system. The information system may be:
  - Owned by the system owner (the data owner and system owner are the same)
  - Owned by a separate data owner
  - Owned by multiple data owners (data may be commingled or enclaved)

  The system owner is responsible for:
  - Implementation of organization-wide policies, standards, and baselines (this includes security policy)
  - Establishing information system-specific policies, standards, and baselines
  - Ensuring that everyone who uses the information system adheres to established policies, standards, and baselines for the information system
- Data owner: The data owner is responsible for establishing policies, standards, and baselines around how data will be used:
  - They establish rules for data usage and protection
  - They work with the information system owner to develop a secure platform for data access that meets organizational requirements
  - The data owner decides who may have access to information and what privileges a user has regarding access to data
- Administrator: The administrator adds users to and removes users from the information system. An administrator also assigns permissions within the information system. They are also expected to:
  - Follow the principle of least privilege
  - Execute IT-related functions to maintain the health of the information system
The following is a sample form that can be used to document the project and information system roles: