Data, System, Mission Ownership, Custodians and Users:
Each role has unique roles and responsibilities to keep the data safe.
- Mission/Business Owner:
- Senior executives make the policies that govern our data security.
- Data/Information Owner:
- Management level, they assign sensitivity labels and backup frequency.
- This could be you or a Data Owner from HR, Payroll or other departments.
- System Owner:
- Management level and the owner of the systems that house the data.
- Often a Data Center Manager or an Infrastructure Manager.
- Data Custodian:
- These are the technical hands-on employees who do the backups, restores, patches, system configuration.
- They follow the directions of the Data Owner.
- Users:
- These are the users of the data.
- User awareness must be trained; they need to know what is acceptable and what is not acceptable, and the consequences for not following the policies, procedures and standards.
- Data Controllers and Data Processors:
- Controllers create and manage sensitive data in the organization (HR/Payroll)
- Processors manage the data for Controllers (Outsourced Payroll)