This article provides additional information on how you can meet the requirement for CAF control A1.b, Roles and Responsibilities.
Define and assign key roles
- Identify the key roles and responsibilities for the governance of the security of your company's information, systems and networks. This help article provides some good examples.
- Assign the roles, ensuring that staff have the time, authority and competence to fulfil them.
- A member of the board should have overall accountability for the security of your company's information, systems and networks.
Document the roles
The roles should be documented, and the documentation should clearly identify responsibility and accountability. It should be clear to whom risks should be escalated. All of this should be recorded in the Roles and Responsibilities Policy.
Review the roles
The roles should be reviewed on a regular basis to ensure they are appropriately assigned.