UnixTime

Research Note

Template - RACI Matrix

Research note.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this to clarify responsibility and accountability across ISMS activities.

Legend:

Letter Meaning
R Responsible — performs the work
A Accountable — ultimately answerable
C Consulted — provides input
I Informed — kept aware

Key rule: each important activity should have one clear accountable owner.

Activity Top Management CISO / Security Lead Business Owner IT Operations HR Procurement Employee / User
Approve information security policy A R C C C C I
Maintain ISMS I A/R C C C C I
Own business information risk A/C C A/R C C C I
Approve user access I C A/R R C I I
Implement user access I C C A/R C I I
Remove leaver access I C C R A/R I I
Report security incidents I A/R C R C C R
Manage supplier security requirements I C C C C A/R I
Perform security awareness I A/R C C R/C I R
Accept residual risk A/C C A/R C C C I