While it is the responsibility of all staff to follow the management system procedures, it is the responsibility of all executive managers, business executives and other leaders to ensure that the management system procedures are followed.
Individual IT managers (i.e. process owners) are responsible for the progress of any assignment allocated to them and for the subsequent ISMS activities that follow.
The Chief Information Security Officer (CISO) is to appoint an Information Security Manager who is responsible for implementing the ISMS.
Senior managers are delegated responsibilities by the CISO to undertake assignments which fall within their delegations. The CISO retains final responsibility for the assigned work and therefore should be sent copies of documents in accordance with the standing delegation (normally within three days).
The CISO has responsibility for all information security assignments and therefore is responsible for the quality of all work undertaken on those assignments. The CISO is responsible for ensuring that there is a quality plan for each assignment and that he/she considers the contents of the quality plan prior to approving the commencement of an assignment.
Normally the Information Security Manager will prepare the quality plan for the information security activities and submit it to the CISO for approval.