When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this to map ISMS processes and controls to accountable owners, responsible teams, evidence, and review cycles.
| Control / Process | Accountable owner | Responsible role/team | Supporting roles | Evidence produced | Review frequency | Escalation path |
|---|---|---|---|---|---|---|
| Access reviews | Business system owner | IT access admin | Security, HR | Access review records | Quarterly | CISO / Risk Committee |
| Incident response | Incident Manager | Security Operations | IT, Legal, HR, Comms | Incident tickets, post-incident review | Per incident / annual test | Executive sponsor |
| Vulnerability remediation | IT Operations Manager | Infrastructure/App teams | Security | Scan reports, remediation tickets | Monthly | Head of IT |
| Supplier security review | Vendor owner | Procurement | Security, Legal | Supplier assessment, contract clauses | Annual / renewal | Procurement Head |
| Backup testing | Service owner | IT Operations | Security, Business Continuity | Restore test records | Quarterly / annually | Head of IT |
| Policy maintenance | Policy owner | ISMS Manager | Legal, HR, IT | Review record, approval log | Annual / trigger-based | Management Review |
- Template
- Control owner
- A5 2
- Isms
Note Metadata
Aliases: Control Owner Register
Source: 90 Templates/Control Owner Register.md
Related Notes
- Roles and Responsibilities
- ISO 27001 A.5.15 - Access Control
- ISO 27001 A.5.2 - Information Security Roles and Responsibilities
- ISO 27001 A.5.9 - Inventory of Information and Other Associated Assets
- A.5.2 Audit Evidence Pack
- A.5 Organizational Controls Implementation Guide
- ISMS Implementation Roadmap
- ISO 27002 Annex A Control Interpretation Map
- Information and Associated Asset Inventory
- Templates MOC