Audit of Departmental Security – Security RACI Chart
Long text description

Activities

Develop and maintain Government of Canada security policies and standards

  1. DMC: Informed. Person that needs to know of the decision or action.
  2. IMC: Informed. Person that needs to know of the decision or action.
  3. Deputy Minister: Informed. Person that needs to know of the decision or action.
  4. ADM Corporate Services: Consulted. Person that needs to feedback and contribute to the activity.
  5. Chief Information Officer: Informed. Person that needs to know of the decision or action.
  6. Departmental Security Officer: Consulted. Person that needs to feedback and contribute to the activity.
  7. Manager Security: Informed. Person that needs to know of the decision or action.
  8. IT Security Officer: Informed. Person that needs to know of the decision or action.
  9. Manager Information Management: Informed. Person that needs to know of the decision or action.
  10. Manager Network Services: Informed. Person that needs to know of the decision or action.
  11. Director Application Services: Informed. Person that needs to know of the decision or action.
  12. Business Process Owner: Informed. Person that needs to know of the decision or action.
  13. TBS - CIOB: Accountable. Person who is accountable and has Yes/No/Veto. / Responsible. Person who performs an activity or does the work.
  14. Shared Services Canada: N/A

Develop and maintain Infrastructure Canada security policies and standards

  1. DMC: Informed. Person that needs to know of the decision or action.
  2. IMC: Informed. Person that needs to know of the decision or action.
  3. Deputy Minister: Informed. Person that needs to know of the decision or action.
  4. ADM Corporate Services: Informed. Person that needs to know of the decision or action.
  5. Chief Information Officer: Informed. Person that needs to know of the decision or action.
  6. Departmental Security Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  7. Manager Security: Responsible. Person who performs an activity or does the work.
  8. IT Security Officer: Consulted. Person that needs to feedback and contribute to the activity.
  9. Manager Information Management: Consulted. Person that needs to feedback and contribute to the activity.
  10. Manager Network Services: Consulted. Person that needs to feedback and contribute to the activity.
  11. Director Application Services: Consulted. Person that needs to feedback and contribute to the activity.
  12. Business Process Owner: Informed. Person that needs to know of the decision or action.
  13. TBS - CIOB: N/A
  14. Shared Services Canada: N/A

Create and maintain the Departmental Security Plan

  1. DMC: Informed. Person that needs to know of the decision or action.
  2. IMC: Informed. Person that needs to know of the decision or action.
  3. Deputy Minister: Accountable. Person who is accountable and has Yes/No/Veto.
  4. ADM Corporate Services: Informed. Person that needs to know of the decision or action.
  5. Chief Information Officer: Consulted. Person that needs to feedback and contribute to the activity.
  6. Departmental Security Officer: Responsible. Person who performs an activity or does the work.
  7. Manager Security: Consulted. Person that needs to feedback and contribute to the activity.
  8. IT Security Officer: Consulted. Person that needs to feedback and contribute to the activity.
  9. Manager Information Management: Consulted. Person that needs to feedback and contribute to the activity.
  10. Manager Network Services: Informed. Person that needs to know of the decision or action.
  11. Director Application Services: Informed. Person that needs to know of the decision or action.
  12. Business Process Owner: Informed. Person that needs to know of the decision or action.
  13. TBS - CIOB: Informed. Person that needs to know of the decision or action.
  14. Shared Services Canada: N/A

Maintain and monitor a security risk register

  1. DMC: N/A
  2. IMC: N/A
  3. Deputy Minister: N/A
  4. ADM Corporate Services: N/A
  5. Chief Information Officer: Informed. Person that needs to know of the decision or action.
  6. Departmental Security Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  7. Manager Security: Responsible. Person who performs an activity or does the work. (For Corporate Security)
  8. IT Security Officer: Responsible. Person who performs an activity or does the work. (For IT Security)
  9. Manager Information Management: Consulted. Person that needs to feedback and contribute to the activity.
  10. Manager Network Services: Consulted. Person that needs to feedback and contribute to the activity.
  11. Director Application Services: Consulted. Person that needs to feedback and contribute to the activity.
  12. Business Process Owner: N/A
  13. TBS - CIOB: N/A
  14. Shared Services Canada: N/A

Establish, maintain and monitor a security data classification scheme

  1. DMC: N/A
  2. IMC: N/A
  3. Deputy Minister: N/A
  4. ADM Corporate Services: Informed. Person that needs to know of the decision or action.
  5. Chief Information Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  6. Departmental Security Officer: Consulted. Person that needs to feedback and contribute to the activity.
  7. Manager Security: Consulted. Person that needs to feedback and contribute to the activity.
  8. IT Security Officer: Consulted. Person that needs to feedback and contribute to the activity.
  9. Manager Information Management:
  10. Manager Network Services: Responsible. Person who performs an activity or does the work.
  11. Director Application Services: N/A
  12. Business Process Owner: N/A
  13. TBS - CIOB: N/A
  14. Shared Services Canada: N/A

Establish, maintain and monitor a security data classification scheme

  1. DMC: N/A
  2. IMC: N/A
  3. Deputy Minister: N/A
  4. ADM Corporate Services: N/A
  5. Chief Information Officer: N/A
  6. Departmental Security Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  7. Manager Security: Responsible. Person who performs an activity or does the work.
  8. IT Security Officer: N/A
  9. Manager Information Management: N/A
  10. Manager Network Services: N/A
  11. Director Application Services: N/A
  12. Business Process Owner: N/A
  13. TBS - CIOB: N/A
  14. Shared Services Canada: N/A

Manage inventory information assets

  1. DMC: N/A
  2. IMC: N/A
  3. Deputy Minister: N/A
  4. ADM Corporate Services: N/A
  5. Chief Information Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  6. Departmental Security Officer: N/A
  7. Manager Security: N/A
  8. IT Security Officer: N/A
  9. Manager Information Management: Responsible. Person who performs an activity or does the work.
  10. Manager Network Services: N/A
  11. Director Application Services: N/A
  12. Business Process Owner: N/A
  13. TBS - CIOB: A / Responsible. Person who performs an activity or does the work.
  14. Shared Services Canada: N/A

Manage inventory IT assets

  1. DMC: N/A
  2. IMC: N/A
  3. Deputy Minister: N/A
  4. ADM Corporate Services: N/A
  5. Chief Information Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  6. Departmental Security Officer: N/A
  7. Manager Security: N/A
  8. IT Security Officer: N/A
  9. Manager Information Management: N/A
  10. Manager Network Services: Responsible. Person who performs an activity or does the work.
  11. Director Application Services: N/A
  12. Business Process Owner: N/A
  13. TBS - CIOB: N/A
  14. Shared Services Canada: N/A

Assure adequate security controls are included in project development.

  1. DMC: N/A
  2. IMC: N/A
  3. Deputy Minister: N/A
  4. ADM Corporate Services: N/A
  5. Chief Information Officer: Consulted. Person that needs to feedback and contribute to the activity.
  6. Departmental Security Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  7. Manager Security: Responsible. Person who performs an activity or does the work. (For Corporate Security)
  8. IT Security Officer: Responsible. Person who performs an activity or does the work. (For IT Security)
  9. Manager Information Management: N/A
  10. Manager Network Services: N/A
  11. Director Application Services: Consulted. Person that needs to feedback and contribute to the activity. / Responsible. Person who performs an activity or does the work.
  12. Business Process Owner: Consulted. Person that needs to feedback and contribute to the activity.
  13. TBS - CIOB: N/A
  14. Shared Services Canada: N/A

Track and manage applications security requirements (SA&A Process)

  1. DMC: N/A
  2. IMC: N/A
  3. Deputy Minister: N/A
  4. ADM Corporate Services: N/A
  5. Chief Information Officer: N/A
  6. Departmental Security Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  7. Manager Security: Consulted. Person that needs to feedback and contribute to the activity.
  8. IT Security Officer: Responsible. Person who performs an activity or does the work.
  9. Manager Information Management: N/A
  10. Manager Network Services: N/A
  11. Director Application Services: Consulted. Person that needs to feedback and contribute to the activity. / Responsible. Person who performs an activity or does the work.
  12. Business Process Owner: Consulted. Person that needs to feedback and contribute to the activity.
  13. TBS - CIOB: N/A
  14. Shared Services Canada: N/A

Develop, deliver, monitor security awareness activities

  1. DMC: Informed. Person that needs to know of the decision or action.
  2. IMC: Informed. Person that needs to know of the decision or action.
  3. Deputy Minister: Informed. Person that needs to know of the decision or action.
  4. ADM Corporate Services: Informed. Person that needs to know of the decision or action.
  5. Chief Information Officer: Consulted. Person that needs to feedback and contribute to the activity.
  6. Departmental Security Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  7. Manager Security: Responsible. Person who performs an activity or does the work.
  8. IT Security Officer: Consulted. Person that needs to feedback and contribute to the activity.
  9. Manager Information Management: Consulted. Person that needs to feedback and contribute to the activity.
  10. Manager Network Services: Consulted. Person that needs to feedback and contribute to the activity.
  11. Director Application Services: Consulted. Person that needs to feedback and contribute to the activity.
  12. Business Process Owner: Informed. Person that needs to know of the decision or action.
  13. TBS - CIOB: N/A
  14. Shared Services Canada: N/A

Establish and periodically review access rights and privileges (Physical)

  1. DMC: N/A
  2. IMC: N/A
  3. Deputy Minister: N/A
  4. ADM Corporate Services: N/A
  5. Chief Information Officer: N/A
  6. Departmental Security Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  7. Manager Security: Responsible. Person who performs an activity or does the work.
  8. IT Security Officer: N/A
  9. Manager Information Management: N/A
  10. Manager Network Services: N/A
  11. Director Application Services: N/A
  12. Business Process Owner: N/A
  13. TBS - CIOB: N/A
  14. Shared Services Canada: N/A

Establish and periodically review access rights and privileges (IT)

  1. DMC: N/A
  2. IMC: N/A
  3. Deputy Minister: N/A
  4. ADM Corporate Services: N/A
  5. Chief Information Officer: Consulted. Person that needs to feedback and contribute to the activity.
  6. Departmental Security Officer: Consulted. Person that needs to feedback and contribute to the activity.
  7. Manager Security: N/A
  8. IT Security Officer: Consulted. Person that needs to feedback and contribute to the activity.
  9. Manager Information Management: N/A
  10. Manager Network Services: Responsible. Person who performs an activity or does the work.
  11. Director Application Services: Accountable. Person who is accountable and has Yes/No/Veto.
  12. Business Process Owner: Consulted. Person that needs to feedback and contribute to the activity.
  13. TBS - CIOB: N/A
  14. Shared Services Canada: Responsible. Person who performs an activity or does the work. (For IT infrastructure)

Define and monitor security incidents

  1. DMC: N/A
  2. IMC: N/A
  3. Deputy Minister: N/A
  4. ADM Corporate Services: N/A
  5. Chief Information Officer: N/A
  6. Departmental Security Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  7. Manager Security: Responsible. Person who performs an activity or does the work. (For Corporate Security)
  8. IT Security Officer: Responsible. Person who performs an activity or does the work. (For IT Security)
  9. Manager Information Management: N/A
  10. Manager Network Services: N/A
  11. Director Application Services: N/A
  12. Business Process Owner: N/A
  13. TBS - CIOB: N/A
  14. Shared Services Canada: N/A

Conduct regular vulnerability assessment

  1. DMC: N/A
  2. IMC: N/A
  3. Deputy Minister: N/A
  4. ADM Corporate Services: Informed. Person that needs to know of the decision or action.
  5. Chief Information Officer: Informed. Person that needs to know of the decision or action.
  6. Departmental Security Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  7. Manager Security: Responsible. Person who performs an activity or does the work. (For Corporate Security)
  8. IT Security Officer: Responsible. Person who performs an activity or does the work. (For IT Security)
  9. Manager Information Management: N/A
  10. Manager Network Services: N/A
  11. Director Application Services: N/A
  12. Business Process Owner: Informed. Person that needs to know of the decision or action.
  13. TBS - CIOB: N/A
  14. Shared Services Canada: N/A

Develop, maintain and test Business Continuity Plan (BCP)

  1. DMC: N/A
  2. IMC: Informed. Person that needs to know of the decision or action.
  3. Deputy Minister: N/A
  4. ADM Corporate Services: Informed. Person that needs to know of the decision or action.
  5. Chief Information Officer: N/A
  6. Departmental Security Officer: Accountable. Person who is accountable and has Yes/No/Veto.
  7. Manager Security: Responsible. Person who performs an activity or does the work.
  8. IT Security Officer: N/A
  9. Manager Information Management: N/A
  10. Manager Network Services: N/A
  11. Director Application Services: N/A
  12. Business Process Owner: Consulted. Person that needs to feedback and contribute to the activity.
  13. TBS - CIOB: Informed. Person that needs to know of the decision or action.
  14. Shared Services Canada: Consulted. Person that needs to feedback and contribute to the activity.