Related control
A.5.2 Information Security Roles and Responsibilities
Ask employees
- What are your basic information security responsibilities?
- Where can you find the information security policy?
- How do you report a suspected incident?
- What should you do if you receive suspicious email?
- What information are you allowed to access and use?
- What security training have you completed?
Ask managers
- What security responsibilities do you have for your team?
- How do you ensure staff complete required training?
- How are access requests approved?
- How do you handle role changes or leavers?
- Are security responsibilities included in job descriptions?
Ask system owners
- What systems or assets do you own?
- Who approves access to your system?
- How often do you review access?
- What risks are associated with the system?
- What controls are you accountable for?
Ask security leadership
- Who has overall information security responsibility?
- How are responsibilities allocated across the ISMS?
- How do you prevent gaps or overlaps?
- How are responsibilities reviewed when the ISMS changes?
- How are outsourced activities governed?
Ask vendor/procurement owners
- Who owns the relationship with this supplier?
- What security responsibilities are assigned to the supplier?
- How are supplier obligations monitored?
- What happens if the supplier has a security incident?
- Are supplier responsibilities documented in contracts or SLAs?
- Template
- Audit
- Interview
- A5 2
Note Metadata
Aliases: Role Interview Questions
Source: 90 Templates/Role and Responsibility Interview Questions.md