Define and document roles and responsibilities for planning, implementing, operating, assessing, and improving governance programs.
RACI charts (responsible, accountable, consulted, and informed) charts may be used to document roles and responsibilities. Specific people or teams should be assigned for each documented role in the governance program, policies, and procedures. Roles and responsibilities should be reviewed and updated periodically.
- Confirm the organization has established a governance framework which details roles, responsibilities, and accountability.
- Evidence that governance meetings are reported and documented appropriately.
- Confirm that individuals/groups responsible for governance are tracking and monitoring progress against the governance program.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.