UnixTime

Research Note

Roles and Responsibilities

Roles and responsibilities define who is accountable for information security activities, who performs them, who approves them, and who must be consulted or informed.

On this page

Plain-language meaning

Roles and responsibilities define who is accountable for information security activities, who performs them, who approves them, and who must be consulted or informed.

For ISO/IEC 27001 study, link this concept back to A.5.2 Information Security Roles and Responsibilities. That control note is the detailed Annex A note for assigning, communicating, and maintaining security responsibilities.

Practical use

Use this concept when building RACI matrices, control owner registers, audit interview plans, supplier responsibilities, access approval workflows, and management review inputs.

Exam cue

Responsibility and accountability are related but not identical. Responsibility is about doing the work; accountability is about being answerable for the outcome.