Appendix A

Information Assurance - Management Structure Roles and Responsibilities

ROLE RESPONSIBLE PERSON RESPONSIBILITIES Accounting Officer Chief Constable Oversee all necessary controls in relation to the handling of information assets and sign off an annual statement of internal control. Senior Information Risk Deputy Chief Constable Overall responsibility for Owner information assurance in line with the requirements of IA Standard 2 – Risk Management and Accreditation of Information Systems. Senior Responsible Appropriate Manage Information Risk for a Owner Project/Programme specific project or programme to Managers ensure that information risk management processes are carried out. Information Asset Head of Business Area Manage information risk for a Owners (System specific system to ensure that Owner) information risk management processes are carried out. Accreditor Information Compliance Acts an impartial assessor of the Officer risks that a system may be exposed to and formally accredit that system on behalf of the board. Information Security Information Security Officer Ensure that all relevant security Officer documentation is developed and maintained and oversee all daily information assurance matters for the force. Crypto-Custodian SB Office Manager Responsible for the handling and storage of cryptographic material for the force. IT Security Officer Network Manager Responsible for the implementation of all technical security measures across the forces information assets. District/Departmental PSD Champion Responsible for the day to day Security Champions information assurance issues within their own area of business. Users All users of SYP Information All users are responsible for the Assets security of any information asset they have access to as part of their role within the organisation.