S
System Owner
(Context: General, Information Systems Security)
General Context Definition: An agency Manager, designated by the Agency Head or Information Security Officer, who is responsible for the operation and maintenance of an agency IT system.
Specific Context Definition: The System Owner is the agency business manager responsible for having an IT system operated and maintained. With respect to IT security, the System Owner’s responsibilities include the following:
1. Require that the IT system users complete any system unique security training prior to, or as soon as practicable after, receiving access to the system, and no less than annually, thereafter.
2. Manage system risk and developing any additional information security policies and procedures required to protect the system in a manner commensurate with risk.
3. Maintain compliance with COV Information Security policies and standards in all IT system activities.
4. Maintain compliance with requirements specified by Data Owners for the handling of data processed by the system.
5. Designate a System Administrator for the system.
Reference:
General Context Definition: https://www.odga.virginia.gov/media/governorvirginiagov/chief-data-officer/images/Data-Governance-RACI-Template.xlsx
Specific Context Definition: SEC530 (p13 of 271) - SEC530_Information_Security_Standard.pdf