top of page

SecAware materials

SecAware logo

~3-page information security policy template on the role of "Information Owner".


Information Owners, nominated by management, are held personally accountable for protecting and legitimately exploiting significant information assets.  This policy describes their primary obligations - a powerful means of ensuring that key risk management and security decisions (including funding and risk acceptance) are made by the business functions that stand to gain or lose the most, albeit under guidance from corporate policies, standards and experts.


You may prefer terms such as 'Information Asset Owner' or 'Risk Owner', perhaps with slightly different accountabilities and responsibilities: since it's your ISMS, you are free to design and operate it as you wish, albeit in conformity with ISO/IEC 27001 if you want to become or remain certified.  The SecAware templates are merely good practice suggestions to give you a jump start over the standard and a forbidding blank page.


Supplied as an MS Word document, readily customised for your organisation's specific situation.

Information ownership policy

bottom of page