SecAware materials

SecAware logo 150 animated ezgif.gif

~3-page information security policy template on the role of "Information Owner".


Information Owners, nominated by management, are held personally accountable for protecting and legitimately exploiting significant information assets.  This policy describes the primary obligations of Information Owners - a powerful means of ensuring key risk management and security decisions (including funding and risk acceptance) are made by the business functions that stand to gain or lose the most, albeit under guidance from corporate policies, standards and experts.


[You may prefer alternative titles such as 'information asset owner' or 'information risk owner', perhaps with slightly different accountabilities and responsibilities: since it's your ISMS, you are free to design and operate it as you wish, albeit in compliance with ISO/IEC 27001 if you want to be and remain certified.  The SecAware ISMS templates are merely good practice suggestions to give you a jump start over the standard and a forbidding blank page.]


Delivered as an editable MS Word document, easily customized for your organization's specific needs.

Information ownership policy